summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2016-06-20 21:30:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2016-06-20 21:31:00 +0200
commitf45a20d6ba9e8d695ec3ab707f0cc082999aa4a3 (patch)
tree7dcf1cb35736e6b06bc7a9b82225077da74ba262 /src
parenta9aa70887985d37985093f1299fc15b2e060b2a0 (diff)
downloadsssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.tar.gz
sssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.tar.xz
sssd-f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3.zip
Updating the translations for the 1.14 alpha releasesssd-1_14_0_alpha1sssd-1_13_90
Diffstat (limited to 'src')
-rw-r--r--src/man/po/br.po2633
-rw-r--r--src/man/po/ca.po4667
-rw-r--r--src/man/po/cs.po2621
-rw-r--r--src/man/po/de.po2821
-rw-r--r--src/man/po/es.po2795
-rw-r--r--src/man/po/eu.po2615
-rw-r--r--src/man/po/fr.po3012
-rw-r--r--src/man/po/ja.po2765
-rw-r--r--src/man/po/lv.po2627
-rw-r--r--src/man/po/nl.po2639
-rw-r--r--src/man/po/po4a.cfg2
-rw-r--r--src/man/po/pt.po2656
-rw-r--r--src/man/po/pt_BR.po11506
-rw-r--r--src/man/po/ru.po2621
-rw-r--r--src/man/po/sssd-docs.pot2560
-rw-r--r--src/man/po/tg.po2617
-rw-r--r--src/man/po/uk.po2895
-rw-r--r--src/man/po/zh_CN.po2629
18 files changed, 38704 insertions, 17977 deletions
diff --git a/src/man/po/br.po b/src/man/po/br.po
index 471f30e51..677a7f1b6 100644
--- a/src/man/po/br.po
+++ b/src/man/po/br.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -83,11 +83,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "DIBARZHIOÙ"
@@ -220,113 +220,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Dre ziouer : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "RANNOÙ DIBAR"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Ar rann [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Arventennoù ar rann"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -335,29 +350,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Dre ziouer : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domanioù"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -367,19 +382,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -387,12 +402,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (neudennad)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -400,58 +415,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -460,7 +475,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -468,69 +483,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -540,7 +555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -550,20 +565,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -573,7 +588,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -582,12 +597,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -598,12 +700,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "RANNOÙ SERVIJOÙ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -612,22 +714,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -637,17 +739,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -655,19 +757,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -677,12 +779,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -690,117 +792,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Dre ziouer : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -808,7 +858,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -818,7 +868,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -827,17 +877,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -845,60 +895,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Dre ziouer : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Dre ziouer : 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (neudennad)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -906,23 +982,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -930,47 +1006,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -978,103 +1054,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1085,72 +1168,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1158,59 +1241,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Dre zoiuer : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1218,7 +1301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1227,17 +1310,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1245,117 +1328,185 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Dre ziouer : 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "full_name_format (neudennad)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1366,34 +1517,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1401,68 +1552,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1474,7 +1625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1485,24 +1636,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1510,12 +1661,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1523,25 +1674,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "RANNOÙ DOMANI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1550,46 +1713,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1601,14 +1764,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1617,39 +1780,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1658,19 +1821,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1681,151 +1844,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1833,24 +1996,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1859,17 +2022,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1878,33 +2041,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1912,8 +2075,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1922,8 +2085,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1931,19 +2094,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1952,7 +2115,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1960,22 +2123,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1987,7 +2150,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1995,19 +2158,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2015,7 +2178,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2023,30 +2186,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2054,19 +2217,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2075,24 +2238,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2100,7 +2276,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2108,35 +2284,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2144,32 +2320,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2180,12 +2356,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2193,7 +2369,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2201,31 +2377,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2233,7 +2409,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2242,23 +2418,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2266,7 +2442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,24 +2450,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2299,12 +2483,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2314,7 +2498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2323,29 +2507,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2353,7 +2537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2361,66 +2545,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2428,70 +2612,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2499,7 +2683,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2507,41 +2691,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2551,34 +2779,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2586,12 +2814,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2599,7 +2827,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2607,49 +2835,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2657,73 +2899,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2731,17 +2973,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2750,17 +2992,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2768,17 +3010,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2786,19 +3028,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2828,7 +3070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2874,7 +3116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2974,8 +3216,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3264,14 +3506,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3666,8 +3908,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3871,19 +4113,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3893,26 +4152,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3920,14 +4180,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3935,7 +4195,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3943,19 +4203,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3963,168 +4217,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4132,7 +4386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4140,12 +4394,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4153,12 +4407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4169,12 +4423,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4183,12 +4437,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4197,34 +4451,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4232,14 +4486,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4247,17 +4501,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4267,12 +4521,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4280,17 +4534,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4298,13 +4552,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4313,7 +4567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4321,26 +4575,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4348,7 +4602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4356,7 +4610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4364,41 +4618,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4407,32 +4661,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4440,24 +4694,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4465,17 +4719,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4486,29 +4740,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4517,17 +4771,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4535,49 +4789,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4585,27 +4839,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4617,7 +4871,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4625,7 +4879,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4633,39 +4887,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4675,7 +4929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4683,26 +4937,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4710,7 +4964,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4718,31 +4972,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4751,56 +5005,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4816,12 +5070,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4830,14 +5084,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4846,24 +5100,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4871,19 +5125,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4892,7 +5146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4900,7 +5154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4909,7 +5163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4917,22 +5171,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4942,14 +5196,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4962,12 +5216,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4977,7 +5231,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4987,49 +5241,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5038,74 +5292,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5116,7 +5370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5124,24 +5378,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5156,12 +5410,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5169,208 +5423,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5378,101 +5632,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5481,110 +5735,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "Dre zoiuer : root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5593,32 +5847,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5627,22 +5881,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5651,7 +5905,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5659,7 +5913,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5672,26 +5926,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5707,13 +5961,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5748,11 +6002,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5760,34 +6015,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5795,31 +6050,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5827,36 +6082,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5864,7 +6119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5873,25 +6128,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5899,7 +6185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5911,7 +6197,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6070,7 +6356,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6218,7 +6504,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6226,14 +6512,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6248,12 +6534,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6274,12 +6560,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6303,7 +6589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6313,7 +6599,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6330,12 +6616,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6343,12 +6629,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6367,50 +6653,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6520,7 +6806,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6594,26 +6880,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6632,7 +6918,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6930,13 +7216,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6946,15 +7233,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6962,7 +7249,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6975,7 +7262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6983,53 +7270,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7037,19 +7336,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7060,12 +7359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7074,7 +7373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7083,7 +7382,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7092,14 +7391,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7108,7 +7407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7123,29 +7422,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7154,7 +7453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7163,12 +7462,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7178,14 +7477,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7198,23 +7497,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7222,22 +7521,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7245,12 +7544,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7258,14 +7557,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7273,7 +7572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7285,53 +7584,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7339,7 +7663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7347,7 +7671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7355,7 +7679,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7367,17 +7691,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7385,7 +7714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7393,7 +7722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7401,7 +7730,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7413,22 +7742,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7436,14 +7765,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7451,7 +7780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7463,17 +7792,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7481,14 +7810,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7496,7 +7825,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7507,19 +7836,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7527,7 +7856,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7539,34 +7868,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7574,12 +7908,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7592,52 +7926,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Dre ziouer : 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7648,36 +8022,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7685,7 +8059,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7700,7 +8074,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7709,7 +8083,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7717,7 +8091,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7726,6 +8100,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8184,7 +8566,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8251,17 +8633,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8269,50 +8656,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8320,29 +8737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8350,39 +8767,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8390,41 +8836,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "DIBARZHIOÙ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9571,13 +10017,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10057,13 +10539,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10071,7 +10553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10081,36 +10563,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10497,7 +10962,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10554,11 +11019,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10566,12 +11032,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10579,36 +11045,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10617,13 +11083,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10632,51 +11119,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index e85b1664b..2fb8e0943 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -14,8 +14,8 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
-"PO-Revision-Date: 2015-09-29 10:29-0400\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2015-10-18 04:13-0400\n"
"Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
"Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
"ca/)\n"
@@ -24,7 +24,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -37,7 +37,7 @@ msgstr ""
#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5
msgid "SSSD Manual pages"
-msgstr "Pàgines de manual de l'SSSD"
+msgstr "Pàgines del manual de l'SSSD"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
@@ -69,7 +69,7 @@ msgstr ""
"replaceable></arg> <arg choice='plain'> <replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -90,11 +90,11 @@ msgstr ""
"que s'especifiquen a la línia d'ordres."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONS"
@@ -114,9 +114,9 @@ msgid ""
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
-"Afegiu aquest grup als grups especificats pel paràmetre de "
-"<replaceable>GRUPS</replaceable> . El paràmetre de <replaceable>GRUPS</"
-"replaceable> és una llista delimitada per comes dels noms de grup."
+"Afegeix aquest grup als grups especificats amb el paràmetre "
+"<replaceable>GRUPS</replaceable>. El paràmetre <replaceable>GRUPS</"
+"replaceable> és una llista delimitada per comes dels noms dels grups."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
@@ -133,7 +133,7 @@ msgid ""
"Remove this group from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
msgstr ""
-"Suprimeix aquest grup dels grups especificats pel paràmetre "
+"Suprimeix aquest grup dels grups especificats amb el paràmetre "
"<replaceable>GRUPS</replaceable>."
#. type: Content of: <reference><refentry><refnamediv><refname>
@@ -153,17 +153,17 @@ msgstr "5"
#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
msgid "File Formats and Conventions"
-msgstr "Formats de fitxer i convencions"
+msgstr "Formats i convencions dels fitxers"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.conf.5.xml:17
msgid "the configuration file for SSSD"
-msgstr "l'arxiu de configuració per a SSSD"
+msgstr "el fitxer de configuració per a l'SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:21
msgid "FILE FORMAT"
-msgstr "FORMAT DE FITXER"
+msgstr "FORMAT DEL FITXER"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd.conf.5.xml:29
@@ -174,6 +174,10 @@ msgid ""
"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
" "
msgstr ""
+"<replaceable>[secció]</replaceable>\n"
+"<replaceable>clau</replaceable> = <replaceable>valor</replaceable>\n"
+"<replaceable>clau2</replaceable> = <replaceable>valor2,valor3</replaceable>\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:24
@@ -183,11 +187,11 @@ msgid ""
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
-"El fitxer utilitza un estil de sintaxi del tipu ini i consisteix en seccions "
-"i paràmetres.\n"
-"Una secció comença amb el nom de la secció entre claudàtors i continua fins "
-"que comença la següent secció. Un exemple de secció amb paràmetres simples i "
-"múltiples: <placeholder type=\"programlisting\" id=\"0\"/>"
+"El fitxer té un estil de sintaxi del tipus ini i està format per seccions i "
+"paràmetres. Una secció comença amb el nom de la secció entre claudàtors i "
+"continua fins a l'inici de la següent secció. Un exemple de secció amb "
+"paràmetres amb un sol valor i amb valors múltiples: <placeholder type="
+"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:36
@@ -195,8 +199,8 @@ msgid ""
"The data types used are string (no quotes needed), integer and bool (with "
"values of <quote>TRUE/FALSE</quote>)."
msgstr ""
-"Els tipus de dades utilitzats són cadenes (no es necessiten cometes), enters "
-"i booleans (amb valors de <quote>TRUE/FALSE</quote>)."
+"Els tipus de dades que s'utilitzen són cadenes (no necessiten cometes), "
+"enters i booleans (amb valors <quote>TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:41
@@ -204,6 +208,9 @@ msgid ""
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>). Inline comments are not supported."
msgstr ""
+"Una línia de comentari comença amb un signe de coixinet (<quote>#</quote>) o "
+"un signe de punt i coma (<quote>;</quote>). Els comentaris en línia no "
+"estan admesos."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:47
@@ -212,7 +219,8 @@ msgid ""
"parameter. Its function is only as a label for the section."
msgstr ""
"Totes les seccions poden tenir un paràmetre opcional de "
-"<replaceable>descripció</replaceable>. Serveix només per etiquetar la secció."
+"<replaceable>descripció</replaceable>. La seva funció tan sols és una "
+"etiqueta per a la secció."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:53
@@ -220,134 +228,160 @@ msgid ""
"<filename>sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
msgstr ""
-"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb propietat de "
-"root i només l'usuari root ha de poder llegir o escriure a l'arxiu."
+"<filename>sssd.conf</filename> ha de ser un fitxer normal, amb root com a "
+"propietari i només l'usuari root hi pot llegir o escriure."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.conf.5.xml:59
msgid "GENERAL OPTIONS"
-msgstr ""
+msgstr "OPCIONS GENERALS"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:61
msgid "Following options are usable in more than one configuration sections."
msgstr ""
+"Les següents opcions es poden utilitzar en més d'una secció de configuració."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sssd.conf.5.xml:65
msgid "Options usable in all sections"
-msgstr ""
+msgstr "Opcions que es poden utilitzar en totes les seccions"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:69
msgid "debug_level (integer)"
-msgstr "debug_level (Enter)"
+msgstr "debug_level (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
-msgstr "debug_timestamps (bool)"
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
+"Afegeix una marca temporal al registre de depuració. Si el journald està "
+"habilitat per enregistrar la depuració de l'SSSD, aleshores s'ignora aquesta "
+"opció."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Per defecte: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
-msgstr ""
+msgstr "debug_microseconds (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
+"Afegeix els mil·lisegons a les marques temporals als missatges de depuració. "
+"Si el journald està habilitat per enregistrar la depuració de l'SSSD, "
+"aleshores s'ignora aquesta opció."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Per defecte: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
-msgstr ""
+msgstr "Opcions que es poden utilitzar a les seccions SERVEI i DOMINI"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
-msgstr "timeout (Enter)"
+msgstr "timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
+"El temps d'expiració entre els batecs per aquest servei. S'utilitza per "
+"assegurar que el procés età viu i és capaç de respondre a les peticions."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Per defecte: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECCIONS ESPECIALS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La secció [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Paràmetres de la secció"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
-"Indica quina és la sintaxi de l'arxiu de configuració. L'SSSD 0.6.0 i "
-"posteriors fan servir la versió 2."
+"Indica quina és la sintaxi del fitxer de configuració. La versió 0.6.0 i les "
+"posteriors versions de l'SSSD utilitzen la versió 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
-msgstr "serveis"
+msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -355,40 +389,45 @@ msgstr ""
"sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
msgstr ""
+"Serveis admesos: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
-msgstr "reconnection_retries (Enter)"
+msgstr "reconnection_retries (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
-"Nombre de vegades que els serveis haurien d'intentar reconnectar en cas de "
-"caiguda del Proveïdor de Dades o reiniciar abans de donar-se per vençuts"
+"El nombre de vegades que els serveis haurien d'intentar tornar a connectar "
+"en cas de caiguda o reinici del proveïdor de dades abans de donar-se per "
+"vençuts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Per defecte: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
-msgstr "dominis"
+msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -396,185 +435,211 @@ msgid ""
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
msgstr ""
+"Un domini és una base de dades que conté la informació de l'usuari. L'SSSD "
+"pot utilitzar més d'un domini al mateix temps, però com a mínim se n'ha de "
+"configurar un o no s'iniciarà l'SSSD. En aquest paràmetre es descriuen la "
+"llista dels dominis en l'ordre que vulgueu que es consultin. Un nom de "
+"domini tan sols pot consistir de caràcters alfanumèrics ASCII, guions, punts "
+"i guions baixos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
+"L'expressió regular per defecte que descriu com analitzar la cadena que "
+"conté el nom d'usuari i el domini en aquests components."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
"SECTIONS for more info on these regular expressions."
msgstr ""
+"Cadascun dels dominis pot tenir una expressió regular configurada de forma "
+"individual. Per alguns proveïdors d'id. també hi ha expressions regulars per "
+"defecte. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre aquestes "
+"expressions regulars."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
"fully qualified name from user name and domain name components."
msgstr ""
+"Un format compatible amb <citerefentry> <refentrytitle>printf</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry>-que descriu com "
+"compondre un FQN des dels components del nom d'usuari i del nom del domini."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
-msgstr ""
+msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
-msgstr ""
+msgstr "nom d'usuari"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
-msgstr ""
+msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
+"el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
-msgstr ""
+msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
+"S'admeten les següents ampliacions: <placeholder type=\"variablelist\" id="
+"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
+"Cadascun dels dominis pot tenir una cadena del format configurada de forma "
+"individual. Vegeu les SECCIONS DELS DOMINIS per a més informació sobre "
+"aquesta opció."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling resolv.conf every five seconds if "
"inotify cannot be used."
msgstr ""
-"L'SSSD monitora l'estat de resolv.conf per a identificar quan cal "
-"actualitzar el seu traductor intern de DNS. Per defecte, s'intentarà "
-"utilitzar inotify per a això i recaurà en sondejar el resolv.conf cada cinc "
-"segons si inotify no es pot utilitzar."
+"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar "
+"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify "
+"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es "
+"pot utilitzar l'inotify."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"to 'false'"
msgstr ""
-"Hi ha algunes situacions limitades on és preferit ometre fins i tot "
-"d'intentar utilitzar inotify. En aquests casos rars, s'hauria d'establir "
-"aquesta opció a 'false'"
+"Hi ha algunes situacions limitades on es prefereix ignorar fins i tot "
+"l'intent d'ús de l'inotify. En aquestes estranyes circumstàncies, s'hauria "
+"d'establir aquesta opció a «false»"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
-"Per defecte: true en plataformes on està suportat inotify. Fals en altres "
-"plataformes."
+"Per defecte: true en les plataformes on està suportat l'inotify. Fals en les "
+"altres plataformes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
-"Nota: aquesta opció no afectarà a plataformes on inotify no està disponible. "
-"En aquestes plataformes, sempre s'utilitzarà el sondeig."
+"Nota: aquesta opció no afectarà les plataformes on l'inotify no està "
+"disponible. En aquestes plataformes, sempre s'utilitzarà el sondeig."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
-msgstr ""
+msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-"Directori al sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers cau "
-"de Kerberos"
+"El directori al sistema de fitxers on l'SSSD ha d'emmagatzemar els fitxers "
+"cau de repetició del Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
+"Aquesta opció accepta un valor especial __LIBKRB5_DEFAULTS__ que instruirà a "
+"l'SSSD per permetre a libkrb5 decidir la ubicació apropiada per a la memòria "
+"auxiliar de reproducció."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+"Per defecte: Específic de la distribució i s'especifica en temps de "
+"construcció. (__LIBKRB5_DEFAULTS__ si no està configurat)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
-msgstr ""
+msgstr "user (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
-msgstr ""
+msgstr "Per defecte: sense establir, els processos s'executaran com a root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
-msgstr ""
+msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -582,9 +647,15 @@ msgid ""
"trusted domain. The option allows those users to log in just with their "
"user name without giving a domain name as well."
msgstr ""
+"Aquesta cadena s'utilitzarà un nom de domini per defecte per a tots els noms "
+"que no tinguin el component del nom del domini. El cas d'ús principal està "
+"als entorns on el domini principal està destinat a la gestió de les "
+"polítiques dels amfitrions i tots els usuaris es troben en un domini de "
+"confiança. L'opció permet que els usuaris iniciïn la sessió sols amb el seu "
+"nom d'usuari sense donar també un nom de domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -592,22 +663,27 @@ msgid ""
"is not allowed to use this option together with use_fully_qualified_names "
"set to False."
msgstr ""
+"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris "
+"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom."
+"domini, per iniciar la sessió. En establir aquesta opció es canvia el "
+"predeterminat d'use_fully_qualified_names a True. No està permès l'ús "
+"d'aquesta opció juntament amb use_fully_qualified_names establert a False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
-msgstr ""
+msgstr "Per defecte: sense establir"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
-msgstr ""
+msgstr "override_space (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -617,7 +693,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -626,12 +702,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
+msgstr "Per defecte: sense establir (no se substituiran els espais)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador de "
+"l'InfoPipe."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
msgstr ""
+"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -640,20 +810,20 @@ msgid ""
"some other important options like the identity domains. <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
-"Parts concretes de la funcionalitat de l'SSSD les proveeixen serveis "
-"especials que s'inicien i s'aturen juntament amb l'SSSD. Els serveis es "
-"gestionen amb un servei especial anomenat <quote>monitor</quote>. La secció "
-"<quote>[sssd]</quote> s'utilitza per configurar el monitor així com altres "
-"opcions importants com les identitats de dominies. <placeholder type="
-"\"variablelist\" id=\"0\"/>"
+"Les peces individuals de la funcionalitat de l'SSSD es proporcionen amb "
+"serveis especials que s'inicien i s'aturen juntament amb l'SSSD. Els "
+"serveis es gestionen amb un servei especial anomenat <quote>monitor</quote>. "
+"La secció <quote>[sssd]</quote> s'utilitza per configurar el monitor així "
+"com altres opcions importants com els dominis d'identitats. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
-msgstr "SECCIONS DE SERVEIS"
+msgstr "SECCIONS DELS SERVEIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -666,22 +836,22 @@ msgstr ""
"quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Opcions de configuració del servei general"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
-msgstr "Aquestes opcions es poden utilitzar per a configurar qualsevol servei."
+msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
-msgstr ""
+msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -691,17 +861,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
-msgstr ""
+msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -709,19 +879,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Per defecte: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
-msgstr ""
+msgstr "force_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -731,12 +901,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
-msgstr ""
+msgstr "offline_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -744,102 +914,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
-msgstr ""
+msgstr "offline_timeout + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
-msgstr ""
+msgstr "new_interval = old_interval*2 + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Per defecte: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
-msgstr "Opcions de configuració d'NSS"
+msgstr "Opcions de configuració de l'NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
-"Aquestes opcions es poden utilitzar per a configurar el servei de canvi de "
-"servei de nom (NSS)."
+"Es poden utilitzar aquestes opcions per configurar el servei del NSS (Name "
+"Service Switch)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
-msgstr "enum_cache_timeout (Enter)"
+msgstr "enum_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -848,17 +966,17 @@ msgstr ""
"(peticions d'informació sobre tots els usuaris)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Per defecte: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
-msgstr "entry_cache_nowait_percentage (Enter)"
+msgstr "entry_cache_nowait_percentage (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -869,7 +987,7 @@ msgstr ""
"valor entry_cache_timeout per al domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -877,7 +995,7 @@ msgid ""
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."
msgstr ""
-"Per exemple, si s'estableix entry_cache_timeout del domini a 30s i "
+"Per exemple, si s'estableix entry_cache_timeout del domini a 30 s i "
"entry_cache_nowait_percentage està establert a 50 (per cent), les entrades "
"que arriben després de 15 segons més enllà de l'última actualització de la "
"memòria cau es retornaran immediatament, però l'SSSD anirà actualitzant la "
@@ -885,7 +1003,7 @@ msgstr ""
"peticions que esperen per a una actualització de la memòria cau."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -898,17 +1016,17 @@ msgstr ""
"(0 desactiva aquesta característica)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
-msgstr ""
+msgstr "Per defecte: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
-msgstr "entry_negative_timeout (Enter)"
+msgstr "entry_negative_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -920,36 +1038,73 @@ msgstr ""
"altra vegada."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Per defecte: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Especifica quants segons nss_sss hauria d'emmagatzemar els intents de la "
+"memòria cau negatius (és a dir, consultes per a les entrades incorrectes de "
+"la base de dades, com les inexistents) abans de preguntar al rerefons una "
+"altra vegada."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Per defecte: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Per defecte: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -957,97 +1112,111 @@ msgstr ""
"aquesta opció a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
-msgstr ""
+msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
+"Estableix una plantilla predeterminada per al directori inicial de l'usuari "
+"si no se n'especifica cap explícitament amb el proveïdor de dades del domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
+"Els valors disponibles per aquesta opció són els mateixos que per "
+"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
" "
msgstr ""
+"fallback_homedir = /home/%u\n"
+" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
+msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
+"Per defecte: sense establir (cap substitució per als directoris inicials no "
+"establerts)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
-msgstr ""
+msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
"or per-domain."
msgstr ""
+"Substitueix el shell d'inici de sessió per a tots els usuaris. Aquesta opció "
+"substitueix qualsevol de les altres opcions del shell si entra en vigor i es "
+"pot configurar ja sigui en la secció [nss] o per cada domini."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
+"Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
-msgstr ""
+msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
+"Restringeix el shell de l'usuari a un dels valors llistats. L'ordre "
+"d'avaluació és:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
-msgstr ""
+msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1055,103 +1224,116 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
-msgstr ""
+msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
-msgstr ""
+msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
-msgstr ""
+msgstr "Per defecte: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
-msgstr ""
+msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
-msgstr ""
+msgstr "get_domains_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
-msgstr ""
+msgstr "memcache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Per defecte: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
+"aplicacions clients no utilitzaran el fast en la memòria cau."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
-msgstr ""
+msgstr "user_attributes (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1162,38 +1344,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
-msgstr "Opcions de configuració de PAM"
+msgstr "Opcions de configuració del PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
-"Aquestes opcions s'utilitzen per configurar el servei de Pluggable "
-"Authentication Module (PAM)."
+"Es poden utilitzar aquestes opcions per configurar el servei del PAM "
+"(Pluggable Authentication Module)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
-msgstr "offline_credentials_expiration (Enter)"
+msgstr "offline_credentials_expiration (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1203,17 +1385,17 @@ msgstr ""
"de sessió)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
-msgstr "offline_failed_login_attempts (Enter)"
+msgstr "offline_failed_login_attempts (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1222,12 +1404,12 @@ msgstr ""
"fallits es permet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
-msgstr "offline_failed_login_delay (Enter)"
+msgstr "offline_failed_login_delay (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1237,7 +1419,7 @@ msgstr ""
"possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1245,17 +1427,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Per defecte: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
-msgstr "pam_verbosity (Enter)"
+msgstr "pam_verbosity (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1264,43 +1446,43 @@ msgstr ""
"l'autenticació. Com més gran sigui el nombre més missatges es mostren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
-msgstr "L'Sssd suporta actualment els següents valors:"
+msgstr "L'sssd actualment admet els següents valors:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostris cap missatge"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: Mostra només missatges importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: Mostra missatges informatius"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Per defecte: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
-msgstr "pam_id_timeout (Enter)"
+msgstr "pam_id_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1312,7 +1494,7 @@ msgstr ""
"l'última informació."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1321,22 +1503,22 @@ msgid ""
msgstr ""
"Una conversa completa de PAM pot realitzar múltiples peticions de PAM, com "
"ara la gestió del compte i la sessió d'inici. Aquesta opció controla (en "
-"base a aplicació per client) quant de temps (en segons) es pot emmagatzemar "
-"en memòria cau la informació d'identitat per evitar excessives peticions al "
-"proveïdor d'identitat."
+"funció d'una aplicació client) quant de temps (en segons) es pot "
+"emmagatzemar en memòria cau la informació d'identitat per evitar peticions "
+"excessives al proveïdor d'identitat."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pam_pwd_expiration_warning (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1344,119 +1526,199 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Per defecte: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
-msgstr ""
+msgstr "pam_trusted_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica una llista separada per comes dels valors dels UID o dels noms "
+"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els "
+"noms d'usuaris es resolen als UID en la preparació."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
-msgstr ""
+msgstr "pam_public_domains (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Per defecte: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
+msgstr "pam_account_expired_message (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Per defecte: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
-msgstr "pam_id_timeout (Enter)"
+msgstr "pam_id_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
-msgstr ""
+msgstr "Opcions de configuració de SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1465,36 +1727,44 @@ msgid ""
"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el servei del sudo. Les "
+"instruccions detallades per la configuració del <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"perquè funcioni amb <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> estan en la pàgina del manual "
+"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
-msgstr ""
+msgstr "sudo_timed (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el servei de l'autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
-msgstr ""
+msgstr "autofs_negative_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1502,72 +1772,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
-msgstr ""
+msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
-msgstr ""
+msgstr "ssh_hash_known_hosts (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
-msgstr ""
+msgstr "ssh_known_hosts_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
-msgstr ""
+msgstr "Per defecte: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
-#| msgid "Default: gecos"
+#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
-msgstr "Per defecte: gecos"
+msgstr "Per defecte: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
-msgstr ""
+msgstr "Opcions de configuració del contestador del PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1579,7 +1849,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1590,24 +1860,25 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador del PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
-msgstr ""
+msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1615,12 +1886,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1628,18 +1899,32 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (enter)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECCIONS DE DOMINI"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
-msgstr "min_id, max_id (Enter)"
+msgstr "min_id, max_id (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1648,7 +1933,7 @@ msgstr ""
"fora d'aquests límits, s'ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1661,24 +1946,24 @@ msgstr ""
"com s'esperava."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1687,22 +1972,22 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Els usuaris i grups s'enumeren"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Cap enumeració per a aquest domini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Per defecte: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1714,7 +1999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1724,7 +2009,7 @@ msgstr ""
"finalitzi."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1738,39 +2023,39 @@ msgstr ""
"ús."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
-msgstr ""
+msgstr "subdomain_enumerate (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
-msgstr ""
+msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
-msgstr ""
+msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1779,21 +2064,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
-msgstr "entry_cache_timeout (Enter)"
+msgstr "entry_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
-"Quants segons l'nss_sss hauria de considerar les entrades vàlides abans de "
+"Quants segons el nss_sss hauria de considerar les entrades vàlides abans de "
"demanar al rerefons una altra vegada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1804,153 +2089,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Per defecte: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_user_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
-msgstr ""
+msgstr "Per defecte: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_group_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_netgroup_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_service_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_sudo_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_autofs_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
-msgstr ""
+msgstr "entry_cache_ssh_host_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
-msgstr ""
+msgstr "refresh_expired_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
-msgstr ""
+msgstr "Per defecte: 0 (inhabilitat)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
-msgstr "cache_credentials (bool)"
+msgstr "cache_credentials (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si les credencials d'usuari també són emmagatzemades en la memòria "
"cau local de LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1958,24 +2243,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
-msgstr ""
+msgstr "Per defecte: 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
-msgstr "account_cache_expiration (Enter)"
+msgstr "account_cache_expiration (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1988,17 +2273,17 @@ msgstr ""
"ha de ser superior o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Per defecte: 0 (sense límit)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
-msgstr ""
+msgstr "pwd_expiration_warning (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2007,33 +2292,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
-msgstr ""
+msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2041,8 +2326,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2051,8 +2336,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2060,19 +2345,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2080,12 +2365,12 @@ msgid ""
"<command>getent passwd test@LOCAL</command> would."
msgstr ""
"Si s'estableix a TRUE, totes les peticions a aquest domini han d'utilitzar "
-"noms de domini qualificats. Per exemples, si s'utilitza a un domini LOCAL "
-"que conté un usuari \"test\", <command>getent passwd test</command> no "
-"trobaria l'usuari mentre que <command>getent passwd test@LOCAL</command> si."
+"noms de domini qualificats. Per exemple, si s'utilitza a un domini LOCAL que "
+"conté un usuari \"test\", <command>getent passwd test</command> no trobaria "
+"l'usuari mentre que <command>getent passwd test@LOCAL</command> sí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2093,22 +2378,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
-msgstr ""
+msgstr "ignore_group_members (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2120,7 +2405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2128,12 +2413,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2142,7 +2427,7 @@ msgstr ""
"d'autenticació suportats són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2153,7 +2438,7 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2164,20 +2449,20 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
-"<quote>proxy</quote> per a l'autenticació re-enviada a algun altre objectiu "
+"<quote>proxy</quote> per a l'autenticació reenviada a algun altre objectiu "
"de PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> impossibilita l'autenticació explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2186,12 +2471,12 @@ msgstr ""
"gestionar les sol·licituds d'autenticació."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2202,19 +2487,19 @@ msgstr ""
"instal·lats) Els proveïdors especials interns són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> sempre denega l'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2227,17 +2512,44 @@ msgstr ""
"configuració del mòdul d'accés simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> per a l'autenticació Kerberos. Vegeu "
+"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre "
+"objectiu PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Per defecte: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
-msgstr "chpass_provider (string)"
+msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2246,7 +2558,7 @@ msgstr ""
"al domini. Els proveïdors de canvi de contrasenya compatibles són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2258,7 +2570,7 @@ msgstr ""
"configuració d'LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2269,20 +2581,20 @@ msgstr ""
"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
-"<quote>proxy</quote> per al canvi de contrasenya re-enviat a algun altre "
-"objectiu de PAM."
+"<quote>proxy</quote> per al canvi de contrasenya reenviat a algun altre "
+"objectiu PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2291,17 +2603,17 @@ msgstr ""
"gestionar peticions de canvi de contrasenya."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
-msgstr ""
+msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2309,32 +2621,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2345,12 +2657,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
-msgstr ""
+msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2358,7 +2670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2366,31 +2678,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
-msgstr ""
+msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2398,7 +2710,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2407,23 +2719,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
-msgstr ""
+msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2431,7 +2743,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2439,24 +2751,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> to change a password stored in a LDAP server. See "
+#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ldap</quote> per canviar una contrasenya emmagatzemada en un servidor "
+"LDAP. Vegeu <citerefentry><refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> per a més informació sobre "
+"configuració d'LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
-msgstr ""
+msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2464,12 +2793,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2479,7 +2808,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2488,40 +2817,40 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
msgstr ""
"Per defecte: <quote>(?P&lt;nom&gt;[^@]+)@?(?P&lt;domini&gt;[^@]*$)</quote> "
-"que es tradueix per \"el nom és qualsevol cosa fins el símbol <quote>@</"
-"quote> , el domini tot el que ve després\""
+"que es tradueix per \"el nom és tot el que hi ha fins al símbol <quote>@</"
+"quote> , el domini és tot el que hi ha després\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2529,7 +2858,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2538,17 +2867,17 @@ msgstr ""
"sintaxi Python (?P &lt;name&gt;) a l'etiqueta subpatterns."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Per defecte: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2557,42 +2886,42 @@ msgstr ""
"realitzar cerques de DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valors admesos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Per defecte: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2603,18 +2932,18 @@ msgstr ""
"aquest temps d'espera, el domini seguirà operant en el mode fora de línia."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Per defecte: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2623,52 +2952,52 @@ msgstr ""
"del domini de la consulta DNS del servei de descobriment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "Per defecte: Utilitza la part del domini del nom de màquina"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
-msgstr ""
+msgstr "override_gid (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
-msgstr ""
+msgstr "case_sensitive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
-msgstr ""
+msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
-msgstr ""
+msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2676,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2684,41 +3013,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2314
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
-msgstr ""
+msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
-msgstr ""
+msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2728,36 +3103,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
-msgstr ""
+msgstr "Per defecte: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
-msgstr ""
+msgstr "realmd_tags (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
-#| msgid "enum_cache_timeout (integer)"
+#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
-msgstr "enum_cache_timeout (Enter)"
+msgstr "memcache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2765,12 +3140,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2778,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2789,17 +3164,17 @@ msgstr ""
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
-msgstr "El servidor intermediari on re-envia PAM."
+msgstr "El servidor intermediari on reenvia PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2808,37 +3183,51 @@ msgstr ""
"de pam existent o crear-ne una de nova i afegir aquí el nom del servei."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
-"El nom de la biblioteca NSS per utilitzar en els servidors intermediaris de "
-"domini. Les funcions NSS buscades a la biblioteca tenen el format _nss_"
-"$(libName)_$(function), per exemple _nss_files_getpwent."
+"El nom de la biblioteca NSS per utilitzar als dominis del servidor "
+"intermediari. Les funcions NSS que se cerquen a la biblioteca tenen el "
+"format _nss_$(libName)_$(function), per exemple _nss_files_getpwent."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (booleà)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
-"Opcions vàlides per a servidors intermediaris de domini. <placeholder type="
+"Opcions vàlides per als dominis del servidor intermediari. <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
-msgstr "La secció de domini local"
+msgstr "La secció del domini local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2849,77 +3238,77 @@ msgstr ""
"<replaceable>id_provider = local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
-"L'intèrpret d'ordres per defecte per als usuaris creats amb eines SSSD "
-"d'espai d'usuari."
+"El shell predeterminat per als usuaris que es creen amb eines de l'espai "
+"d'usuari de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Per defecte: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
-"Les eines afegeixen el nom d'usuari a <replaceable>base_directory</"
-"replaceable> i utilitzen això com el directori d'usuari."
+"Les eines concatenen el nom d'usuari a <replaceable>base_directory</"
+"replaceable> i utilitzen aquest com el directori inicial."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Per defecte: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Per defecte: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (enter)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2927,64 +3316,64 @@ msgid ""
msgstr ""
"Utilitzat per <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> per especificar els permisos per "
-"defecte en un directori personal acabat de crear."
+"defecte en un directori inicial acabat de crear."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Per defecte: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>"
msgstr ""
-"El directori d'esquelet que conté fitxers i directoris per copiar al "
-"directori de personal, quan el directori personal és creat per "
+"El directori esquemàtic que conté els fitxers i els directoris per copiar al "
+"directori inicial, quan el directori inicial de l'usuari es crea amb "
"<citerefentry><refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Per defecte: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"default value is used."
msgstr ""
-"El directori de cua de correu. Això és necessari per manipular la bústia de "
-"correu quan el compte d'usuari corresponent és modificat o suprimit. Si no "
-"s'especifica, s'utilitzarà un valor per defecte."
+"El directori de gestió de cues del correu. Aquest és necessari per manipular "
+"la bústia de correu quan el compte d'usuari corresponent és modificat o "
+"suprimit. Si no s'especifica, s'utilitzarà un valor per defecte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Per defecte: <filename>/var/correu</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2995,19 +3384,19 @@ msgstr ""
"té en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Per defecte: Cap, no s'executa cap comanda"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3048,31 +3437,30 @@ msgstr ""
"\n"
"[domain/LDAP]\n"
"id_provider = ldap\n"
-"ldap_uri = ldap://ldap.example.com\n"
-"ldap_search_base = dc=example,dc=com\n"
+"ldap_uri = ldap://ldap.exemple.com\n"
+"ldap_search_base = dc=exemple,dc=com\n"
"\n"
"auth_provider = krb5\n"
-"krb5_server = kerberos.example.com\n"
-"krb5_realm = EXAMPLE.COM\n"
+"krb5_server = kerberos.exemple.com\n"
+"krb5_realm = EXEMPLE.COM\n"
"cache_credentials = true\n"
"\n"
"min_id = 10000\n"
"max_id = 20000\n"
"enumerate = False\n"
-"\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
-"El següent exemple mostra una configuració típica d'SSSD. No descriu la "
-"configuració dels mateixos dominis - referiu-vos a la documentació de "
-"configuració de dominis per a més detalls. <placeholder type="
-"\"programlisting\" id=\"0\"/>"
+"En el següent exemple es mostra una configuració típica de l'SSSD. No es "
+"descriu la configuració dels mateixos dominis - referiu-vos a la "
+"documentació sobre la configuració dels dominis per a més detalls. "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
@@ -3082,7 +3470,7 @@ msgstr "sssd-ldap"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ldap.5.xml:17
msgid "SSSD LDAP provider"
-msgstr ""
+msgstr "Proveïdor de LDAP de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:23
@@ -3093,12 +3481,12 @@ msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for detailed syntax information."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració de dominis LDAP per a "
-"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
-"</citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</quote> de la "
-"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry> per obtenir informació detallada de "
-"la sintaxi."
+"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
+"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
+"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
+"informació detallada de la sintaxi."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ldap.5.xml:35
@@ -3121,11 +3509,11 @@ msgstr ""
"TLS/SSL o LDAPS. L'<command>sssd</command> <emphasis>no</emphasis> suporta "
"autenticació sobre un canal sense xifrar. Si el servidor de LDAP s'utilitza "
"només com a un proveïdor d'identitats, no és necessari un canal xifrat. Si "
-"us plau refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més "
+"us plau, refereiu-vos a l'opció <quote>ldap_access_filter</quote> per a més "
"informació sobre l'ús d'LDAP com un proveïdor d'accés."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONS DE CONFIGURACIÓ"
@@ -3133,7 +3521,7 @@ msgstr "OPCIONS DE CONFIGURACIÓ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:60
msgid "ldap_uri, ldap_backup_uri (string)"
-msgstr ""
+msgstr "ldap_uri, ldap_backup_uri (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:63
@@ -3153,7 +3541,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:73
msgid "ldap[s]://&lt;host&gt;[:port]"
-msgstr ""
+msgstr "ldap[s]://&lt;host&gt;[:port]"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:76
@@ -3164,12 +3552,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:79
msgid "example: ldap://[fc00::126:25]:389"
-msgstr ""
+msgstr "exemple: ldap://[fc00::126:25]:389"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:85
msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
-msgstr ""
+msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:88
@@ -3228,10 +3616,10 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
-msgstr ""
+msgstr "Exemples:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:129
@@ -3246,6 +3634,8 @@ msgid ""
"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
"(host=thishost)?dc=example.com?subtree?"
msgstr ""
+"ldap_search_base = cn=host_specific,dc=exemple,dc=com?subtree?"
+"(host=thishost)?dc=exemple.com?subtree?"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:137
@@ -3288,22 +3678,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:172
msgid "rfc2307"
-msgstr ""
+msgstr "rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:177
msgid "rfc2307bis"
-msgstr ""
+msgstr "rfc2307bis"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:182
msgid "IPA"
-msgstr ""
+msgstr "IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ldap.5.xml:187
msgid "AD"
-msgstr ""
+msgstr "AD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:193
@@ -3360,7 +3750,7 @@ msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:235
msgid "Default: password"
-msgstr ""
+msgstr "Per defecte: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:241
@@ -3461,7 +3851,7 @@ msgstr "ldap_user_home_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:318
msgid "The LDAP attribute that contains the name of the user's home directory."
-msgstr "L'atribut LDAP que conté el nom del directori personal de l'usuari."
+msgstr "L'atribut LDAP que conté el nom del directori inicial de l'usuari."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:322
@@ -3486,7 +3876,7 @@ msgstr "Per defecte: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:341
msgid "ldap_user_uuid (string)"
-msgstr ""
+msgstr "ldap_user_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:344
@@ -3503,7 +3893,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:355
msgid "ldap_user_objectsid (string)"
-msgstr ""
+msgstr "ldap_user_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:358
@@ -3523,7 +3913,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3532,7 +3922,7 @@ msgstr ""
"pare."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Per defecte: modifyTimestamp"
@@ -3718,7 +4108,7 @@ msgstr "Per defecte: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:525
msgid "ldap_user_ad_account_expires (string)"
-msgstr ""
+msgstr "ldap_user_ad_account_expires (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:528
@@ -3730,12 +4120,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:533
msgid "Default: accountExpires"
-msgstr ""
+msgstr "Per defecte: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:539
msgid "ldap_user_ad_user_account_control (string)"
-msgstr ""
+msgstr "ldap_user_ad_user_account_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:542
@@ -3747,12 +4137,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:547
msgid "Default: userAccountControl"
-msgstr ""
+msgstr "Per defecte: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:553
msgid "ldap_ns_account_lock (string)"
-msgstr ""
+msgstr "ldap_ns_account_lock (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:556
@@ -3769,7 +4159,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:567
msgid "ldap_user_nds_login_disabled (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_disabled (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:570
@@ -3781,12 +4171,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588
msgid "Default: loginDisabled"
-msgstr ""
+msgstr "Per defecte: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:580
msgid "ldap_user_nds_login_expiration_time (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_expiration_time (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:583
@@ -3798,7 +4188,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:594
msgid "ldap_user_nds_login_allowed_time_map (string)"
-msgstr ""
+msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:597
@@ -3810,7 +4200,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:602
msgid "Default: loginAllowedTimeMap"
-msgstr ""
+msgstr "Per defecte: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:608
@@ -3834,7 +4224,7 @@ msgstr "Per defecte: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:621
msgid "ldap_user_extra_attrs (string)"
-msgstr ""
+msgstr "ldap_user_extra_attrs (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:624
@@ -3864,7 +4254,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:649
msgid "ldap_user_extra_attrs = telephoneNumber"
-msgstr ""
+msgstr "ldap_user_extra_attrs = telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:652
@@ -3876,7 +4266,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:656
msgid "ldap_user_extra_attrs = phone:telephoneNumber"
-msgstr ""
+msgstr "ldap_user_extra_attrs = phone:telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:659
@@ -3888,7 +4278,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:669
msgid "ldap_user_ssh_public_key (string)"
-msgstr ""
+msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:672
@@ -3898,7 +4288,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:676
msgid "Default: sshPublicKey"
-msgstr ""
+msgstr "Per defecte: sshPublicKey"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:682
@@ -3933,7 +4323,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:712
msgid "ldap_purge_cache_timeout (integer)"
-msgstr ""
+msgstr "ldap_purge_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:715
@@ -3966,8 +4356,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'atribut LDAP que correspon al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Per defecte: cn"
@@ -4008,7 +4398,7 @@ msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
-"Una denegació explícita (! svc) es resol en primer lloc. En segon lloc, "
+"Una denegació explícita (!svc) es resol en primer lloc. En segon lloc, "
"l'SSSD cerca autoritzacions explícites (svc) i, finalment, allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -4027,7 +4417,7 @@ msgstr "Per defecte: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:790
msgid "ldap_user_authorized_host (string)"
-msgstr ""
+msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:793
@@ -4060,7 +4450,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:817
msgid "ldap_user_certificate (string)"
-msgstr ""
+msgstr "ldap_user_certificate (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:820
@@ -4125,7 +4515,7 @@ msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:882
msgid "ldap_group_uuid (string)"
-msgstr ""
+msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:885
@@ -4135,7 +4525,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:896
msgid "ldap_group_objectsid (string)"
-msgstr ""
+msgstr "ldap_group_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:899
@@ -4152,7 +4542,7 @@ msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:924
msgid "ldap_group_type (integer)"
-msgstr ""
+msgstr "ldap_group_type (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:927
@@ -4176,22 +4566,42 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
-"Si ldap_schema s'estableix a un format d'esquema que suporta grups niats (p. "
-"ex. RFC2307bis), llavors aquest opció controla quants nivells de nidificació "
-"seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema RFC2307."
+"Si ldap_schema s'estableix a un format d'esquema que admeti els grups niats "
+"(p. ex. RFC2307bis), llavors aquesta opció controla quants nivells de "
+"nidificació seguirà l'SSSD. Aquesta opció no té cap efecte sobre l'esquema "
+"RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4201,26 +4611,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Per defecte: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4228,14 +4639,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4243,7 +4654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4251,19 +4662,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4271,169 +4676,169 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objecte d'una entrada de netgroup a LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Per defecte: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'atribut LDAP que es correspon amb el nom del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'atribut LDAP que conté els noms dels membres del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Per defecte: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"L'atribut LDAP que conté les tripletes netgroup (maquina, usuari, domini)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Per defecte: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
-msgstr ""
+msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
-msgstr ""
+msgstr "Per defecte: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
-msgstr ""
+msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
-msgstr ""
+msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
-msgstr ""
+msgstr "Per defecte: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
-msgstr ""
+msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
-msgstr ""
+msgstr "Per defecte: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
-msgstr ""
+msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4441,7 +4846,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4449,12 +4854,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
-msgstr ""
+msgstr "ldap_enumeration_search_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4462,12 +4867,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4484,12 +4889,12 @@ msgstr ""
"manvolnum></citerefentry> retorna en cas de cap activitat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4498,12 +4903,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
-msgstr ""
+msgstr "ldap_connection_expire_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4512,34 +4917,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
-msgstr ""
+msgstr "Per defecte: 900 (15 minuts)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
-msgstr ""
+msgstr "ldap_page_size (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
-msgstr ""
+msgstr "Per defecte: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
-msgstr ""
+msgstr "ldap_disable_paging (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4547,14 +4952,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4562,17 +4967,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
-msgstr ""
+msgstr "ldap_disable_range_retrieval (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4582,12 +4987,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
-msgstr ""
+msgstr "ldap_sasl_minssf (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4595,17 +5000,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
-msgstr ""
+msgstr "ldap_deref_threshold (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4613,13 +5018,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4628,7 +5033,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4636,12 +5041,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4651,7 +5056,7 @@ msgstr ""
"valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4660,7 +5065,7 @@ msgstr ""
"certificat del servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4672,7 +5077,7 @@ msgstr ""
"normalment."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4683,7 +5088,7 @@ msgstr ""
"proporciona un certificat dolent, immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4694,22 +5099,22 @@ msgstr ""
"immediatament s'acaba la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Per defecte: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4718,7 +5123,7 @@ msgstr ""
"Certificació que reconeixerà l'<command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4727,12 +5132,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4746,32 +5151,32 @@ msgstr ""
"correctes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
-msgstr ""
+msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
-msgstr ""
+msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
-msgstr ""
+msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4779,12 +5184,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4793,12 +5198,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> per a protegir el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
-msgstr ""
+msgstr "ldap_id_mapping (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4806,17 +5211,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
-msgstr ""
+msgstr "ldap_min_id, ldap_max_id (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4827,17 +5232,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4846,12 +5251,12 @@ msgstr ""
"i suportat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4860,17 +5265,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
-msgstr ""
+msgstr "ldap_sasl_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4878,82 +5283,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
-msgstr ""
+msgstr "Per defecte: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
-msgstr ""
+msgstr "ldap_sasl_canonicalize (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
-msgstr ""
+msgstr "Per defecte: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica el fitxer keytab a utilitzar quan s'utilitza SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
"GSSAPI."
msgstr ""
-"Especifica que el id_provider hauria d'iniciar les credencials del Kerberos "
-"(TGT). Aquesta acció es realitza només si s'utilitza SASL i el mecanisme "
+"Especifica que id_provider ha d'iniciar les credencials del Kerberos (TGT). "
+"Aquesta acció únicament es realitza si s'utilitza SASL i el mecanisme "
"seleccionat és GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el temps de vida en segons de la TGT si s'utilitza GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Per defecte: 86400 (24 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
-msgstr ""
+msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4965,64 +5370,64 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
"none are found."
msgstr ""
-"En utilitzar el servei de descobriment per a servidors KDC o kpasswd, l'SSSD "
-"primer cerca les entrades DNS que especifiquen _udp com el protocol i "
+"Quan s'utilitza el servei de descobriment per als servidors KDC o kpasswd, "
+"l'SSSD primer cerca les entrades DNS que especifiquen _udp com el protocol i "
"retorna a _tcp si no se'n troba cap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
"migrate their config files to use <quote>krb5_server</quote> instead."
msgstr ""
"Aquesta opció s'anomenava <quote>krb5_kdcip</quote> en les primeres versions "
-"d'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als "
-"usuaris que migrain els seus fitxers de configuració per utilitzar "
+"de l'SSSD. Mentre que el nom antic és reconegut de moment, s'aconsella als "
+"usuaris que migrin els seus fitxers de configuració per utilitzar "
"<quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
-msgstr "Especifica l'àmbit KERBEROS (per a autenticació SASL/GSSAPI)."
+msgstr "Especifica l'àmbit KERBEROS (per a l'autenticació SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
"krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
-msgstr ""
+msgstr "krb5_canonicalize (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
-msgstr ""
+msgstr "krb5_use_kdcinfo (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5032,7 +5437,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5040,12 +5445,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5054,7 +5459,7 @@ msgstr ""
"costat del client. S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5063,7 +5468,7 @@ msgstr ""
"opció no inhabilita les polítiques de contrasenya de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5071,7 +5476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5083,34 +5488,34 @@ msgstr ""
"contrasenya."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
-"Si us plau fixi's que l'sssd només suporta el seguiment del referenciador "
-"quan és compilat amb la versió d'OpenLDAP 2.4.13 o superior."
+"Tingueu en compte que l'sssd només admet l'encadenament de les referències "
+"quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5119,61 +5524,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nom de servei per utilitzar quan està habilitada la detecció "
"de serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Per defecte: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
-"Especifica el nom de servei a utilitzar per trobar un servidor LDAP que "
-"permet canvis de contrasenya quan està habilitada la detecció de serveis."
+"Especifica el nom del servei a utilitzar per trobar un servidor LDAP que "
+"permeti els canvis de contrasenyes quan estigui habilitat el descobriment "
+"dels serveis."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
-msgstr ""
+msgstr "ldap_chpass_update_last_change (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5189,12 +5595,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5203,37 +5609,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice-versa."
msgstr ""
-"La memòria cau fora de línia per a aquesta característica es limita a "
-"determinar si el darrer inici de sessió d'usuari va concedir permís d'accés. "
-"Si es var concedir accés durant el seu últim inici de sessió, es continuarà "
-"concedint accés en estar fora de línia i viceversa."
+"La memòria auxiliar sense connexió per a aquesta característica es limita a "
+"determinar si el darrer inici de sessió de l'usuari amb connexió es va "
+"concedir el permís d'accés. Si es va concedir l'accés durant el seu últim "
+"inici de sessió, es continuarà concedint l'accés mentre s'estigui "
+"desconnectat i viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Per defecte: Buit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5242,7 +5649,7 @@ msgstr ""
"d'atributs de control d'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5254,12 +5661,12 @@ msgstr ""
"contrasenya és correcta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "S'admeten els valors següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5268,7 +5675,7 @@ msgstr ""
"determinar si el compte ha caducat."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5277,7 +5684,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5285,7 +5692,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5294,7 +5701,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5302,24 +5709,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
-"Llista separada per comes d'opcions de control d'accés. Els valors permesos "
+"Llista separada per comes d'opcions de control d'accés. Els valors permesos "
"són:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5329,14 +5736,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5349,12 +5756,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5364,7 +5771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5374,20 +5781,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5396,17 +5803,17 @@ msgstr ""
"authorizedService per determinar l'accés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Per defecte: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5415,12 +5822,12 @@ msgstr ""
"s'utilitza més d'una vegada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
-msgstr ""
+msgstr "ldap_pwdlockout_dn (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5429,37 +5836,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
-msgstr ""
+msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
-msgstr ""
+msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
-"Especifica com la eliminació de referències d'àlies es fa en realitzar una "
-"cerca. S'admeten les opcions següents:"
+"Especifica com es realitza l'eliminació de les referències dels àlies quan "
+"es fa una cerca. S'admeten les opcions següents:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5469,7 +5876,7 @@ msgstr ""
"de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5478,7 +5885,7 @@ msgstr ""
"només en localitzar l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5487,7 +5894,7 @@ msgstr ""
"en la recerca i en la localització de l'objecte base de la cerca."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5496,19 +5903,19 @@ msgstr ""
"biblioteques de client LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
-msgstr ""
+msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5519,7 +5926,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5527,26 +5934,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5567,12 +5974,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
-msgstr ""
+msgstr "OPCIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5580,208 +5987,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
-msgstr ""
+msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
-msgstr ""
+msgstr "Per defecte: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
-msgstr ""
+msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
-msgstr ""
+msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
-msgstr ""
+msgstr "Per defecte: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
-msgstr ""
+msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
-msgstr ""
+msgstr "Per defecte: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
-msgstr ""
+msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
-msgstr ""
+msgstr "Per defecte: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
-msgstr ""
+msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
-msgstr ""
+msgstr "Per defecte: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
-msgstr ""
+msgstr "Per defecte: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
-msgstr ""
+msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
-msgstr ""
+msgstr "Per defecte: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
-msgstr ""
+msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
-msgstr ""
+msgstr "Per defecte: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
-msgstr ""
+msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
-msgstr ""
+msgstr "Per defecte: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
-msgstr ""
+msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
-msgstr ""
+msgstr "Per defecte: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
-msgstr ""
+msgstr "ldap_sudo_full_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
-msgstr ""
+msgstr "Per defecte: 21600 (6 hores)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
-msgstr ""
+msgstr "ldap_sudo_smart_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5789,101 +6196,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
-msgstr ""
+msgstr "ldap_sudo_use_host_filter (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
-msgstr ""
+msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
-msgstr ""
+msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
-msgstr ""
+msgstr "ldap_sudo_include_netgroups (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
-msgstr ""
+msgstr "ldap_sudo_include_regexp (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5892,114 +6299,114 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
-msgstr ""
+msgstr "OPCIONS D'AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
-msgstr ""
+msgstr "ldap_autofs_map_master_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
-msgstr ""
+msgstr "Per defecte: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
-msgstr ""
+msgstr "Per defecte: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
-msgstr ""
+msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
-#| msgid "Default: root"
+#| msgid "Default: automountMap"
msgid "Default: automount"
-msgstr "Per defecte: root"
+msgstr "Per defecte: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Per defecte: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
-msgstr ""
+msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6008,32 +6415,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPCIONS AVANÇADES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
-msgstr ""
+msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6042,22 +6449,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
-msgstr ""
+msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
-msgstr ""
+msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
-msgstr ""
+msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6066,7 +6473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6077,7 +6484,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6090,26 +6497,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6125,13 +6532,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6141,7 +6548,7 @@ msgstr ""
"Les descripcions d'algunes de les opcions de configuració en aquesta pàgina "
"del manual es basen en la pàgina del manual <citerefentry>de "
"<refentrytitle>ldap.conf</refentrytitle> <manvolnum>5</manvolnum></"
-"citerefentry> de la distribució de OpenLDAP 2.4."
+"citerefentry> de la distribució d'OpenLDAP 2.4."
#. type: Content of: <refentryinfo>
#: pam_sss.8.xml:8 include/upstream.xml:2
@@ -6149,8 +6556,8 @@ msgid ""
"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
"fedorahosted.org/sssd</orgname>"
msgstr ""
-"<productname>SSSD</productname> <orgname>La font de l'SSSD - http://"
-"fedorahosted.org/sssd</orgname>"
+"<productname>SSSD</productname> <orgname>La línia de desenvolupament "
+"principal de l'SSSD - http://fedorahosted.org/sssd</orgname>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: pam_sss.8.xml:13 pam_sss.8.xml:18
@@ -6164,6 +6571,17 @@ msgstr "Mòdul de PAM per SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
+#| "replaceable> </arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -6172,90 +6590,99 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
msgstr ""
-"<command>pam_sss.so</command> és la interfície PAM pel System Security "
-"Services daemon (SSSD). Els errors i els resultats es registren a través de "
+"<command>pam_sss.so</command> és la interfície PAM a l'SSSD (System Security "
+"Services daemon). Els errors i els resultats es registren a través de "
"<command>syslog(3)</command> amb el canal LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
-msgstr ""
+msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
-msgstr ""
+msgstr "Suprimeix el registre dels missatges per als usuaris desconeguts."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
-"Si s'estableix <option>forward_pass</option> contrasenya introduïda és posa "
-"a la pila per tal que altres mòduls PAM l'utilitzin."
+"Si s'estableix <option>forward_pass</option>, la contrasenya que "
+"s'introdueix es posa a la pila perquè els altres mòduls del PAM l'utilitzin."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied access."
msgstr ""
-"L'argument use_first_pass força al mòdul a utilitzar una contrasenya apliada "
-"als mòduls anteriors i mai demanarà l'usuari - si no hi ha cap contrasenya o "
-"la contrasenya no és correcte, se li negarà l'accés a l'usuari."
+"L'argument use_first_pass obliga al mòdul que utilitzi una contrasenya "
+"apilada anteriorment dels mòduls i mai ho demanarà l'usuari - si no hi ha "
+"cap contrasenya o no és correcta, es denegarà l'accés a l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
-"Quan el canvi de contrasenya força al mòdul a establir la contrasenya nova a "
+"Quan el canvi de contrasenya força al mòdul a establir la nova contrasenya a "
"la proporcionada per un mòdul de contrasenya prèviament apilat."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
-"Si s'especifica l'usuari serà demanat N vegades més per una contrasenya en "
-"cas de fallar l'autenticació. Per defecte és 0."
+"Si s'especifica, en cas de fallar l'autenticació a l'usuari se li demanarà N "
+"vegades més una contrasenya. Per defecte és 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6267,44 +6694,52 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
-msgstr ""
+msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
+"Si s'especifica aquesta opció i no existeix l'usuari, el mòdul PAM retornarà "
+"PAM_IGNORE. Això provoca que el marc de treball del PAM ignori aquest mòdul."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
-msgstr ""
+msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
+"Especifica que el mòdul PAM ha de retornar PAM_IGNORE si no pot contactar "
+"amb el domini SSSD. Això provoca que el marc de treball del PAM ignori "
+"aquest mòdul."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
-msgstr ""
+msgstr "<option>domains</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
"SSSD domain names, as specified in the sssd.conf file."
msgstr ""
+"Permet a l'administrador que restringeixi els dominis que un servei PAM "
+"concret pot autentificar-s'hi. El format és una llista separada per comes "
+"dels noms dels dominis SSSD, com s'especifica al fitxer sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6312,40 +6747,78 @@ msgid ""
"manvolnum> </citerefentry> manual page for more information on these two PAM "
"responder options."
msgstr ""
+"NOTA: Ha d'utilitzar-se juntament amb les opcions <quote>pam_trusted_users</"
+"quote> i <quote>pam_public_domains</quote>. Si us plau, vegeu la pàgina del "
+"manual de <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> per a més informació sobre aquestes "
+"dues opcions del contestador del PAM."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>domains</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>domains</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
-msgstr "MÒDUL TIPUS PROPORCIONATS"
+msgstr "TIPUS DE MÒDULS PROPORCIONATS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
-"S'ofereixen tots els tipus de mòdul (<option>compte</option>, <option>auth</"
-"option>, <option>contrasenya</option> i <option>sessió</option>)."
+"Es proporcionen tots els tipus de mòduls (<option>account</option>, "
+"<option>auth</option>, <option>password</option> i <option>session</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FITXERS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
-"Si una contrasenya reinicialitzada per root falla, degut a que el proveïdor "
-"SSSD corresponent no suporta reinicialitzar contrasenyes, es pot mostrar un "
-"missatge concret. Aquest missatge pot contenir, per exemple, instruccions "
-"sobre com restaurar una contrasenya."
+"Si falla el restabliment d'una contrasenya per root, perquè el proveïdor "
+"SSSD corresponent no admet el restabliment de les contrasenyes, es pot "
+"mostrar un missatge concret. Aquest missatge per exemple pot contenir les "
+"instruccions sobre com es restableix una contrasenya."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6355,17 +6828,25 @@ msgid ""
"the owner of the files and only root may have read and write permissions "
"while all other users must have only read permissions."
msgstr ""
+"El missatge es llegeix del fitxer <filename>pam_sss_pw_reset_message.LOC</"
+"filename> on LOC representa una cadena de la configuració regional retornada "
+"amb <citerefentry> <refentrytitle>setlocale</refentrytitle><manvolnum>3</"
+"manvolnum> </citerefentry>. Si no hi ha cap coincidència, es mostra el "
+"contingut del fitxer <filename>pam_sss_pw_reset_message.txt</filename>. El "
+"propietari dels fitxers ha de ser root i tan sols root ha de tenir els "
+"permisos de lectura i escriptura, mentre que tots els altres usuaris "
+"únicament han de tenir els permisos de lectura."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
"displayed."
msgstr ""
-"Aquests fitxers són buscat al directori <filename>/etc/sssd/customize/"
-"NOM_DE_DOMINI/</filename>. Si no es troba cap fitxer coincident es mostrarà "
-"un missatge genèric."
+"Aquests fitxers se cerquen al directori <filename>/etc/sssd/customize/"
+"NOM_DOMINI/</filename>. Si no hi ha present cap fitxer que hi coincideixi, "
+"es mostrarà un missatge genèric."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
@@ -6411,10 +6892,10 @@ msgid ""
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
-"No totes les implementacions Kerberos suporten l'ús d'afegitons. Si "
-"<command>sssd_krb5_locator_plugin</command> no està disponible al seu "
-"sistema heu d'editar /etc/krb5.conf per reflectir la seva configuració de "
-"Kerberos."
+"No totes les implementacions del Kerberos admeten l'ús de connectors. Si "
+"<command>sssd_krb5_locator_plugin</command> no estigués disponible al vostre "
+"sistema, heu d'editar /etc/krb5.conf per reflectir la vostra configuració "
+"del Kerberos."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
@@ -6432,7 +6913,8 @@ msgstr "sssd-simple"
#: sssd-simple.5.xml:17
msgid "the configuration file for SSSD's 'simple' access-control provider"
msgstr ""
-"el fitxer de configuració per al proveïdor 'simple' de control d'accés d'SSSD"
+"el fitxer de configuració per al proveïdor de control d'accés 'simple' de "
+"l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:24
@@ -6444,12 +6926,12 @@ msgid ""
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració del proveïdor senzill de "
-"control d'accés per <citerefentry> <refentrytitle>sssd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry>. Per una referència detallada de la "
-"sintaxi, aneu a la secció de <quote>FORMAT DE FITXER</quote> de la pàgina "
-"del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
-"<manvolnum>5</manvolnum> </citerefentry>."
+"En aquesta pàgina del manual es descriu la configuració del proveïdor de "
+"control d'accés simple per a <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum></citerefentry>. Per a una "
+"referència detallada de la sintaxi, aneu a la secció <quote>FORMAT DEL "
+"FITXER</quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd."
+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:38
@@ -6457,13 +6939,14 @@ msgid ""
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"
msgstr ""
-"El proveïdor d'accés simple accepta o nega l'accés basat en una llista "
-"d'accés o denegació de noms d'usuari grups. S'apliquen les regles següents:"
+"El proveïdor d'accés simple concedeix o denega l'accés basat en una llista "
+"d'accés o denegació dels noms dels usuaris o dels noms dels grups. "
+"S'apliquen les regles següents:"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:43
msgid "If all lists are empty, access is granted"
-msgstr "Si totes les llistes estan buides, s'accepta l'accés"
+msgstr "Si totes les llistes estan buides, es concedeix l'accés"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:47
@@ -6471,9 +6954,9 @@ msgid ""
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."
msgstr ""
-"Si es proporciona alguna llista, l'ordre d'avaluació és accpetar, denegar. "
-"Això significa que qualsevol regla de denegació explícita substituirà "
-"qualsevol regla d'accés."
+"Si es proporciona alguna llista, l'ordre d'avaluació és permissió, "
+"denegació. Això vol dir que qualsevol coincidència amb la regla de denegació "
+"reemplaçarà qualsevol coincidència amb la regla de permissió."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:54
@@ -6481,8 +6964,8 @@ msgid ""
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."
msgstr ""
-"Si es proporcionen una o ambdues llistes d'acceptació tots els usuaris són "
-"denegats excepte els que apareixen a la llista."
+"Si es proporcionen una o ambdues llistes de \"permissió\", tots els usuaris "
+"són denegats excepte els que apareixen a la llista."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#: sssd-simple.5.xml:60
@@ -6490,8 +6973,8 @@ msgid ""
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."
msgstr ""
-"Si només es proporcionen llistes de \"denegació\" tots els usuaris tenen "
-"accés excepte els que apareixen a la llista."
+"Si només es proporcionen llistes de \"denegació\", es concedeix l'accés a "
+"tots els usuaris excepte els que apareixen a la llista."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:78
@@ -6501,7 +6984,8 @@ msgstr "simple_allow_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-simple.5.xml:81
msgid "Comma separated list of users who are allowed to log in."
-msgstr "Llista separada per comes d'usuaris amb permís per iniciar sessió."
+msgstr ""
+"Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:88
@@ -6512,8 +6996,8 @@ msgstr "simple_deny_users (cadena)"
#: sssd-simple.5.xml:91
msgid "Comma separated list of users who are explicitly denied access."
msgstr ""
-"Llista separada per comes d'usuaris amb denegació explícita per iniciar "
-"sessió."
+"Llista separada per comes dels usuaris a qui se'ls denega explícitament "
+"l'accés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:97
@@ -6526,8 +7010,9 @@ msgid ""
"Comma separated list of groups that are allowed to log in. This applies only "
"to groups within this SSSD domain. Local groups are not evaluated."
msgstr ""
-"Llista separada per comes de grups que se'ls permet l'entrada. Això s'aplica "
-"només a grups d'aquest domini SSSD. No s'avaluen els grups locals."
+"Llista separada per comes dels grups a qui se'ls permet iniciar la sessió. "
+"Això s'aplica únicament als grups dins d'aquest domini SSSD. No s'avaluen "
+"els grups locals."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-simple.5.xml:108
@@ -6541,22 +7026,22 @@ msgid ""
"applies only to groups within this SSSD domain. Local groups are not "
"evaluated."
msgstr ""
-"Llista separada per comes de grups que tenen l'accés explícitament denegat. "
-"Això s'aplica només a grups d'aquest domini SSSD. No s'avaluen els grups "
-"locals."
+"Llista separada per comes dels grups a qui se'ls denega explícitament "
+"l'accés. Això s'aplica únicament als grups dins d'aquest domini SSSD. No "
+"s'avaluen els grups locals."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
-"Consulteu la secció <quote>SECCIONS DE DOMINI</quote> de la pàgina del "
-"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
-"manvolnum> </citerefentry> per a més informació sobre la configuració d'un "
-"domini SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
+"Per a més informació sobre la configuració d'un domini SSSD, consulteu la "
+"secció <quote>SECCIONS DELS DOMINIS</quote> de la pàgina del manual "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:120
@@ -6582,10 +7067,10 @@ msgid ""
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the simple access provider-specific options."
msgstr ""
-"L'exemple següent pressuposa que l'SSSD està configurat correctament i "
-"example.com és un dels dominis de la secció <replaceable>[sssd]</"
-"replaceable>. Aquest exemple mostra només les opcions d'accés simple "
-"específiques del proveïdor."
+"En el següent exemple s'assumeix que l'SSD està configurat correctament i "
+"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</"
+"replaceable>. En aquest exemple es mostren únicament les opcions "
+"específiques del proveïdor d'accés simple."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-simple.5.xml:140
@@ -6595,6 +7080,9 @@ msgid ""
"access_provider = simple\n"
"simple_allow_users = user1, user2\n"
msgstr ""
+"[domini/exemple.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = usuari1, usuari2\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-simple.5.xml:150
@@ -6606,6 +7094,13 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>) option."
msgstr ""
+"La jerarquia completa de la pertinença a un grup es resol abans de la "
+"comprovació de l'accés, de manera que fins i tot els grups imbricats es "
+"poden incloure a les llistes d'accés. Si us plau, tingueu cura que l'opció "
+"<quote>ldap_group_nesting_level</quote> pot influir amb els resultats i s'ha "
+"d'establir amb un valor suficient. L'opció (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>)."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
@@ -6615,7 +7110,7 @@ msgstr "sssd-ipa"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ipa.5.xml:17
msgid "SSSD IPA provider"
-msgstr ""
+msgstr "Proveïdor d'IPA de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:23
@@ -6626,10 +7121,10 @@ msgid ""
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
-"Aquesta pàgina del manual descriu la configuració del proveïdor IPA per "
-"<citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry>. Per una referència detallada sintaxi, aneu a la secció de "
-"<quote>FORMAT DE FITXER</quote> de la pàgina del manual "
+"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
+"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry>. Per una referència detallada sintaxi, aneu a la "
+"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry>."
@@ -6641,11 +7136,11 @@ msgid ""
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
-"El proveïdor d'IPA és un back-end utilitzat per connectar a un servidor "
-"d'IPA. (Consuleteu el lloc web freeipa.org per obtenir informació sobre "
-"servidors IPA). Aquest proveïdor requereix afegir la màquina al domini "
-"d'IPA; la configuració s'auto-detecta gairebé totalment i s'obté directament "
-"des del servidor."
+"El proveïdor d'IPA és un programari especialitzat que s'utilitza per "
+"connectar a un servidor IPA. (Consulteu el lloc web freeipa.org per obtenir "
+"informació sobre els servidors IPA). Aquest proveïdor requereix que "
+"s'afegeixi la màquina al domini d'IPA; la configuració s'autodescobreix "
+"gairebé totalment i s'obté directament del servidor."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
@@ -6686,13 +7181,13 @@ msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
-"Especifica el nom del domini IPA. Això és opcional. Si no s'especifica "
+"Especifica el nom del domini IPA. És opcional. Si no se n'especifica cap, "
"s'utilitza el nom de domini de la configuració."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:89
msgid "ipa_server, ipa_backup_server (string)"
-msgstr ""
+msgstr "ipa_server, ipa_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:92
@@ -6707,7 +7202,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:105
msgid "ipa_hostname (string)"
-msgstr "ipa_hostname (cadeba)"
+msgstr "ipa_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:108
@@ -6719,22 +7214,22 @@ msgstr ""
"complet utilitzat en el domini d'IPA per identificar aquest amfitrió."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
-msgstr ""
+msgstr "dyndns_update (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6749,12 +7244,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
-msgstr ""
+msgstr "dyndns_ttl (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6775,12 +7270,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
-msgstr ""
+msgstr "dyndns_iface (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6806,17 +7301,17 @@ msgid ""
msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:191
msgid "ipa_enable_dns_sites (boolean)"
-msgstr ""
+msgstr "ipa_enable_dns_sites (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6833,12 +7328,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
-msgstr ""
+msgstr "dyndns_refresh_interval (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6846,12 +7341,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
-msgstr ""
+msgstr "dyndns_update_ptr (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6867,62 +7362,62 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:247
msgid "Default: False (disabled)"
-msgstr ""
+msgstr "Per defecte: False (inhabilitat)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
-msgstr ""
+msgstr "dyndns_force_tcp (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
-#| msgid "ldap_dns_service_name (string)"
+#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
-msgstr "ldap_dns_service_name (cadena)"
+msgstr "dyndns_iface (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:290
msgid "ipa_hbac_search_base (string)"
-msgstr ""
+msgstr "ipa_hbac_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:293
@@ -6932,12 +7427,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:297
msgid "Default: Use base DN"
-msgstr ""
+msgstr "Per defecte: Utilitza el DN base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:303
msgid "ipa_host_search_base (string)"
-msgstr ""
+msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:306
@@ -6960,7 +7455,7 @@ msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:322
msgid "ipa_selinux_search_base (string)"
-msgstr ""
+msgstr "ipa_selinux_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:325
@@ -6970,7 +7465,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:341
msgid "ipa_subdomains_search_base (string)"
-msgstr ""
+msgstr "ipa_subdomains_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:344
@@ -6985,7 +7480,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:360
msgid "ipa_master_domain_search_base (string)"
-msgstr ""
+msgstr "ipa_master_domain_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:363
@@ -7000,7 +7495,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:379
msgid "ipa_views_search_base (string)"
-msgstr ""
+msgstr "ipa_views_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:382
@@ -7027,7 +7522,7 @@ msgstr ""
"suplantada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7060,7 +7555,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416
msgid "krb5_use_fast (string)"
-msgstr ""
+msgstr "krb5_use_fast (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419
@@ -7092,7 +7587,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:468
msgid "Default: try"
-msgstr ""
+msgstr "Per defecte: try"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444
@@ -7103,26 +7598,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
-msgstr ""
+msgstr "krb5_confd_path (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7130,7 +7625,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:498
msgid "ipa_hbac_refresh (integer)"
-msgstr ""
+msgstr "ipa_hbac_refresh (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:501
@@ -7141,14 +7636,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
-msgstr ""
+msgstr "Per defecte: 5 (segons)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:514
msgid "ipa_hbac_selinux (integer)"
-msgstr ""
+msgstr "ipa_hbac_selinux (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:517
@@ -7161,7 +7656,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:530
msgid "ipa_server_mode (boolean)"
-msgstr ""
+msgstr "ipa_server_mode (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:533
@@ -7178,7 +7673,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:548
msgid "ipa_automount_location (string)"
-msgstr ""
+msgstr "ipa_automount_location (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:551
@@ -7198,7 +7693,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:571
msgid "ipa_view_class (string)"
-msgstr ""
+msgstr "ipa_view_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:574
@@ -7208,12 +7703,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:577
msgid "Default: nsContainer"
-msgstr ""
+msgstr "Per defecte: nsContainer"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:583
msgid "ipa_view_name (string)"
-msgstr ""
+msgstr "ipa_view_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:586
@@ -7223,7 +7718,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:596
msgid "ipa_overide_object_class (string)"
-msgstr ""
+msgstr "ipa_overide_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:599
@@ -7233,12 +7728,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:602
msgid "Default: ipaOverrideAnchor"
-msgstr ""
+msgstr "Per defecte: ipaOverrideAnchor"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:608
msgid "ipa_anchor_uuid (string)"
-msgstr ""
+msgstr "ipa_anchor_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:611
@@ -7250,12 +7745,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:615
msgid "Default: ipaAnchorUUID"
-msgstr ""
+msgstr "Per defecte: ipaAnchorUUID"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:621
msgid "ipa_user_override_object_class (string)"
-msgstr ""
+msgstr "ipa_user_override_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:624
@@ -7272,47 +7767,47 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:632
msgid "ldap_user_name"
-msgstr ""
+msgstr "ldap_user_name"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:635
msgid "ldap_user_uid_number"
-msgstr ""
+msgstr "ldap_user_uid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:638
msgid "ldap_user_gid_number"
-msgstr ""
+msgstr "ldap_user_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:641
msgid "ldap_user_gecos"
-msgstr ""
+msgstr "ldap_user_gecos"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:644
msgid "ldap_user_home_directory"
-msgstr ""
+msgstr "ldap_user_home_directory"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:647
msgid "ldap_user_shell"
-msgstr ""
+msgstr "ldap_user_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:650
msgid "ldap_user_ssh_public_key"
-msgstr ""
+msgstr "ldap_user_ssh_public_key"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:655
msgid "Default: ipaUserOverride"
-msgstr ""
+msgstr "Per defecte: ipaUserOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:661
msgid "ipa_group_override_object_class (string)"
-msgstr ""
+msgstr "ipa_group_override_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:664
@@ -7329,17 +7824,17 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:672
msgid "ldap_group_name"
-msgstr ""
+msgstr "ldap_group_name"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#: sssd-ipa.5.xml:675
msgid "ldap_group_gid_number"
-msgstr ""
+msgstr "ldap_group_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:680
msgid "Default: ipaGroupOverride"
-msgstr ""
+msgstr "Per defecte: ipaGroupOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd-ipa.5.xml:564
@@ -7354,7 +7849,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ipa.5.xml:690
msgid "SUBDOMAINS PROVIDER"
-msgstr ""
+msgstr "PROVEÏDOR DELS SUBDOMINIS"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:692
@@ -7390,10 +7885,10 @@ msgid ""
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the ipa provider-specific options."
msgstr ""
-"L'exemple següent pressuposa que l'SSD està configurat correctament i "
-"example.com és un dels dominis de la secció <replaceable>[sssd]</"
-"replaceable>. Aquest exemple mostra només opcions específiques del proveïdor "
-"IPA."
+"En el següent exemple s'assumeix que l'SSD està configurat correctament i "
+"que exemple.com és un dels dominis de la secció <replaceable>[sssd]</"
+"replaceable>. En aquest exemple es mostren únicament les opcions "
+"específiques del proveïdor IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-ipa.5.xml:726
@@ -7404,16 +7899,20 @@ msgid ""
"ipa_server = ipaserver.example.com\n"
"ipa_hostname = myhost.example.com\n"
msgstr ""
+"[domini/exemple.com]\n"
+"id_provider = ipa\n"
+"ipa_server = servidoripa.exemple.com\n"
+"ipa_hostname = elmeuanfitrio.exemple.com\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
msgid "sssd-ad"
-msgstr ""
+msgstr "sssd-ad"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ad.5.xml:17
msgid "SSSD Active Directory provider"
-msgstr ""
+msgstr "Proveïdor d'Active Directory de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:23
@@ -7443,13 +7942,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7459,23 +7959,25 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
" "
msgstr ""
+"ldap_id_mapping = False\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7488,7 +7990,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7496,53 +7998,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
-msgstr ""
+msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
-msgstr ""
+msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
-msgid "ad_hostname (string)"
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
+msgid "ad_hostname (string)"
+msgstr "ad_hostname (cadena)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7550,19 +8064,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
-msgstr ""
+msgstr "ad_enable_dns_sites (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7573,12 +8087,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
-msgstr ""
+msgstr "ad_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7587,7 +8101,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7596,7 +8110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7605,14 +8119,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7621,7 +8135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7636,29 +8150,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
-msgstr ""
+msgstr "Per defecte: Sense establir"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
-msgstr ""
+msgstr "ad_site (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
-msgstr ""
+msgstr "ad_enable_gc (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7667,7 +8181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7676,12 +8190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
-msgstr ""
+msgstr "ad_gpo_access_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7691,14 +8205,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7711,23 +8225,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7735,22 +8249,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
-msgstr ""
+msgstr "Per defecte: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
-msgstr ""
+msgstr "Per defecte: enforcing"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
-msgstr ""
+msgstr "ad_gpo_cache_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7758,12 +8272,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
-msgstr ""
+msgstr "ad_gpo_map_interactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7771,22 +8285,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
" "
msgstr ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7798,53 +8314,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
-msgstr ""
+msgstr "login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
-msgstr ""
+msgstr "su"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
-msgstr ""
+msgstr "su-l"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
-msgstr ""
+msgstr "gdm-fingerprint"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
-msgstr ""
+msgstr "gdm-password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
-msgstr ""
+msgstr "gdm-smartcard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
+msgstr "kdm"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+#, fuzzy
+#| msgid "kdm"
+msgid "xdm"
+msgstr "kdm"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
-msgstr ""
+msgstr "ad_gpo_map_remote_interactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7852,7 +8395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7860,15 +8403,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
" "
msgstr ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7880,17 +8425,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
+msgstr "sshd"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
-msgstr ""
+msgstr "ad_gpo_map_network (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7898,7 +8448,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7906,15 +8456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
" "
msgstr ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7926,22 +8478,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
-msgstr ""
+msgstr "ftp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
-msgstr ""
+msgstr "samba"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
-msgstr ""
+msgstr "ad_gpo_map_batch (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7949,22 +8501,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
" "
msgstr ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7976,17 +8530,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
-msgstr ""
+msgstr "crond"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
-msgstr ""
+msgstr "ad_gpo_map_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7994,22 +8548,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
" "
msgstr ""
+"ad_gpo_map_service = +my_pam_service\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8020,27 +8576,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
-msgstr ""
+msgstr "ad_gpo_map_permit (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
" "
msgstr ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8052,47 +8610,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
-msgid "sudo"
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:650
+msgid "sudo"
+msgstr "sudo"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:655
msgid "sudo-i"
-msgstr ""
+msgstr "sudo-i"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
-msgstr ""
+msgstr "systemd-user"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
-msgstr ""
+msgstr "ad_gpo_map_deny (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
" "
msgstr ""
+"ad_gpo_map_deny = +my_pam_service\n"
+" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
-msgstr ""
+msgstr "ad_gpo_default_right (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8105,52 +8670,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Per defecte: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (cadena)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Per defecte: 86400 (24 hores)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8161,12 +8770,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
-msgstr ""
+msgstr "Per defecte: 3600 (segons)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the IPA LDAP connection"
msgid ""
@@ -8175,24 +8784,24 @@ msgid ""
msgstr "Per defecte: Utilitzar l'adreça IP de la connexió LDAP d'IPA"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
-msgstr ""
+msgstr "Per defecte: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
-msgstr ""
+msgstr "krb5_use_enterprise_principal (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8200,7 +8809,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8213,18 +8822,30 @@ msgid ""
"ad_hostname = client.example.com\n"
"ad_domain = example.com\n"
msgstr ""
+"[domain/EXEMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.exemple.com\n"
+"ad_hostname = client.exemple.com\n"
+"ad_domain = exemple.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
"ldap_access_order = expire\n"
"ldap_account_expire_policy = ad\n"
msgstr ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8232,7 +8853,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8241,10 +8862,18 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
-msgstr ""
+msgstr "sssd-sudo"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-sudo.5.xml:17
@@ -8288,7 +8917,7 @@ msgstr ""
#: sssd-sudo.5.xml:57
#, no-wrap
msgid "sudoers: files sss\n"
-msgstr ""
+msgstr "sudoers: files sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:61
@@ -8348,6 +8977,16 @@ msgid ""
"ldap_uri = ldap://example.com\n"
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
msgstr ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXEMPLE\n"
+"\n"
+"[domain/EXEMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://exemple.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=exemple,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:112
@@ -8415,12 +9054,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:159
msgid "keyword ALL"
-msgstr ""
+msgstr "paraula clau ALL"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:164
msgid "wildcard"
-msgstr ""
+msgstr "comodí"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#: sssd-sudo.5.xml:169
@@ -8460,7 +9099,9 @@ msgstr "sssd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd.8.xml:16
msgid "System Security Services Daemon"
-msgstr "Dimoni de Serveis de Seguretat de Sistema"
+msgstr ""
+"dimoni dels serveis de seguretat del sistema (System Security Services "
+"Daemon)"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sssd.8.xml:21
@@ -8483,12 +9124,13 @@ msgid ""
"extended user data."
msgstr ""
"L'<command>SSSD</command> proporciona un conjunt de dimonis per gestionar "
-"l'accés a directoris remots i mecanismes d'autenticació. Proporciona una "
-"interfície NSS i PAM cap el sistema i un mètode d'afegitons per connectar a "
-"múltiples fonts de comptes diferents així com a l'interfície D-Bus. També és "
-"la base per proporcionar auditació de clients i polítiques de serveis per a "
-"projectes com FreeIPA. Proporciona una base de dades més robusta on "
-"emmagatzemar usuaris locals, així com dades addicionals d'usuari."
+"l'accés als directoris remots i els mecanismes d'autenticació. Proporciona "
+"una interfície NSS i PAM cap al sistema i un sistema d'accés a la capa de "
+"dades amb connectors per connectar a orígens múltiples de comptes diferents, "
+"com ara la interfície D-Bus. També és la base per proporcionar l'auditoria "
+"dels clients i les polítiques dels serveis per a projectes com FreeIPA. "
+"Proporciona una base de dades més robusta on emmagatzemar els usuaris "
+"locals, així com dades addicionals de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
@@ -8502,33 +9144,39 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:53
msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:57
msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
msgstr ""
+"<emphasis>1</emphasis>: Afegeix una marca temporal als registres de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:60
msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
msgstr ""
+"<emphasis>0</emphasis>: Inhabilita la marca temporal als registres de "
+"depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:69
msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
-msgstr ""
+msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:73
msgid ""
"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
msgstr ""
+"<emphasis>1</emphasis>: Afegeix els mil·lisegons a les marques temporals als "
+"missatges de depuració"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:76
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
+"<emphasis>0</emphasis>: Inhabilita els mil·lisegons a les marques temporals"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
@@ -8542,9 +9190,10 @@ msgid ""
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
-"Envia la sortida de depuració a fitxers en comptes d'stderr. Per defecte els "
-"fitxers de registre s'emmagatzemen a <filename>/var/log/sssd</filename> i hi "
-"ha fitxers de registre separats per a cada servei d'SSSD i domini."
+"Envia la sortida de depuració als fitxers en comptes de l'stderr. Per "
+"defecte, els fitxers dels registres s'emmagatzemen a <filename>/var/log/"
+"sssd</filename> i hi ha fitxers dels registres que se separen per a cadascun "
+"dels serveis i dels dominis de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:97
@@ -8554,7 +9203,7 @@ msgstr "<option>-D</option>,<option>--daemon</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:101
msgid "Become a daemon after starting up."
-msgstr "Esdevé un dimoni després d'iniciar-se."
+msgstr "Esdevé un dimoni després de la posada en marxa."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:107 sss_seed.8.xml:136
@@ -8564,7 +9213,7 @@ msgstr "<option>-i</option>,<option>--interactive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:111
msgid "Run in the foreground, don't become a daemon."
-msgstr "Executa en primer pla, no esdevenir un dimoni."
+msgstr "Executa en primer pla, no esdevinguis un dimoni."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:117 sss_debuglevel.8.xml:42
@@ -8579,21 +9228,21 @@ msgid ""
"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
-"Especifi un fitxer de configuració direfent al per defecte. Per defecte és "
-"<filename>/etc/sssd/sssd.conf</filename>. Per consultar a la sintaxi del "
-"fitxer de configuració i les opcions, aneu a la pàgina del manual "
-"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"Especifica un fitxer de configuració diferent al predeterminat. Per defecte "
+"és <filename>/etc/sssd/sssd.conf</filename>. Per consultar la sintaxi del "
+"fitxer de configuració i les opcions, aneu a la pàgina del manual del "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:135
msgid "<option>--version</option>"
-msgstr ""
+msgstr "<option>--version</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd.8.xml:139
msgid "Print version number and exit."
-msgstr ""
+msgstr "Imprimeix el número de la versió i surt."
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd.8.xml:147
@@ -8611,8 +9260,8 @@ msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
-"Informa l'SSSD per finalitzar elegantment tots els seus processos fil i "
-"llavors apagar el monitor."
+"Informa l'SSSD per finalitzar elegantment tots els seus processos fills i "
+"després atura el monitor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:159
@@ -8626,7 +9275,7 @@ msgid ""
"close and reopen them. This is meant to facilitate log rolling with programs "
"like logrotate."
msgstr ""
-"Diu a l'SSSD que deixi d'escriure als actual descriptors de fitxers de "
+"Diu a l'SSSD que deixi d'escriure als actuals descriptors de fitxers de "
"depuració i que els tanqui i els reobri. Això intenta facilitar la rotació "
"dels registres amb programes com logrotate."
@@ -8643,6 +9292,9 @@ msgid ""
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
+"Diu a l'SSSD que simuli l'operació sense connexió pel període del paràmetre "
+"<quote>offline_timeout</quote>. Això és útil per fer proves. El senyal es "
+"pot enviar directament al procés sssd o sssd_be."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:182
@@ -8656,6 +9308,8 @@ msgid ""
"signal can be sent to either the sssd process or any sssd_be process "
"directly."
msgstr ""
+"Diu a l'SSSD que es desconnecti immediatament. Això és útil per fer proves. "
+"El senyal es pot enviar directament al procés sssd o sssd_be."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.8.xml:197
@@ -8663,6 +9317,8 @@ msgid ""
"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
"applications will not use the fast in memory cache."
msgstr ""
+"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
+"aplicacions clients no utilitzaran el fast en la memòria cau."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
@@ -8672,7 +9328,7 @@ msgstr "sss_obfuscate"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_obfuscate.8.xml:16
msgid "obfuscate a clear text password"
-msgstr "ofusca una contrasenya de text clar"
+msgstr "ofusca una contrasenya en text clar"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_obfuscate.8.xml:21
@@ -8692,9 +9348,9 @@ msgid ""
"unreadable format and places it into appropriate domain section of the SSSD "
"config file."
msgstr ""
-"<command>sss_obfuscate</command> converteix una contrasenya especificada en "
-"un format illegible per humans i la col·loca a la secció de domini adequada "
-"de l'arxiu de configuració d'SSSD."
+"<command>sss_obfuscate</command> converteix una contrasenya especificada a "
+"un format illegible per als humans i la posa a la secció del domini adequat "
+"del fitxer de configuració de l'SSSD."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:37
@@ -8707,6 +9363,13 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more details on these parameters."
msgstr ""
+"La contrasenya en text clar es llegeix de l'entrada estàndard o s'introdueix "
+"de forma interactiva. La contrasenya ofuscada es fica al paràmetre "
+"<quote>ldap_default_authtok</quote> del domini SSSD indicat, i el paràmetre "
+"<quote>ldap_default_authtok_type</quote> s'estableix a "
+"<quote>obfuscated_password</quote>. Consulteu <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> per a més detalls sobre aquests paràmetres."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_obfuscate.8.xml:49
@@ -8717,11 +9380,11 @@ msgid ""
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
-"Si us plau fixi's que ofuscar contrasenyes <emphasis>no proporciona cap "
-"benefici real de seguretat</emphasis> ja que un atacant encara podria "
+"Tingueu en compte que ofuscar les contrasenyes <emphasis>no proporciona cap "
+"benefici real de seguretat</emphasis>, ja que un atacant encara podria "
"extreure la contrasenya amb enginyeria inversa. Es recomana "
"<emphasis>aferrissadament</emphasis> l'ús de mecanismes d'autenticació "
-"millors com certificats de client o GSSAPI."
+"millors com els certificats al cantó del client o el GSSAPI."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
@@ -8734,7 +9397,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contrasenya per ofuscar es llegirà de l'entrada estàndard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8749,7 +9412,7 @@ msgid ""
"The SSSD domain to use the password in. The default name is <quote>default</"
"quote>."
msgstr ""
-"El domini SSSD on utilitzar la contrasenya. El nom per defecte és "
+"El domini SSSD on s'utilitza la contrasenya. El nom per defecte és "
"<quote>default</quote>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -8763,7 +9426,8 @@ msgstr ""
#: sss_obfuscate.8.xml:91
msgid "Read the config file specified by the positional parameter."
msgstr ""
-"Llegeix el fitxer de configuració especificat pel paràmetre de posició."
+"Llegeix el fitxer de configuració que s'especifica amb el paràmetre "
+"posicional."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_obfuscate.8.xml:95
@@ -8773,9 +9437,9 @@ msgstr "Per defecte: <filename>/etc/sssd/sssd.conf</filename>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_override.8.xml:10 sss_override.8.xml:15
#, fuzzy
-#| msgid "sss_useradd"
+#| msgid "sss_userdel"
msgid "sss_override"
-msgstr "sss_useradd"
+msgstr "sss_userdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_override.8.xml:16
@@ -8786,7 +9450,7 @@ msgstr ""
#: sss_override.8.xml:21
#, fuzzy
#| msgid ""
-#| "<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+#| "<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
#| "replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#| "arg>"
msgid ""
@@ -8794,9 +9458,9 @@ msgid ""
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
"arg>"
msgstr ""
-"<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</"
-"replaceable></arg> <arg choice='plain'> <replaceable>INICI DE SESSIÓ</"
-"replaceable></arg>"
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:32
@@ -8809,17 +9473,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8827,50 +9496,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
+#, fuzzy
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8878,29 +9589,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8908,39 +9619,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
+#, fuzzy
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8948,49 +9697,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
-#| msgid "CONFIGURATION OPTIONS"
+#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
-msgstr "OPCIONS DE CONFIGURACIÓ"
+msgstr "OPCIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
-#| msgid ""
-#| "<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
-#| "replaceable>"
+#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
-"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVELL</"
-"replaceable>"
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
@@ -9000,7 +9746,7 @@ msgstr "sss_useradd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_useradd.8.xml:16
msgid "create a new user"
-msgstr "crea un usuari nou"
+msgstr "crea un nou usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_useradd.8.xml:21
@@ -9010,8 +9756,8 @@ msgid ""
"arg>"
msgstr ""
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>OPCIONS</"
-"replaceable></arg> <arg choice='plain'> <replaceable>INICI DE SESSIÓ</"
-"replaceable></arg>"
+"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_useradd.8.xml:32
@@ -9019,8 +9765,8 @@ msgid ""
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
msgstr ""
-"<command>sss_useradd</command> crea un nou compte d'usuari utilitzant els "
-"valors especificats a la línia d'ordres més els valors per defecte del "
+"<command>sss_useradd</command> crea un nou compte d'usuari amb els valors "
+"que s'especifiquen en la línia d'ordres més els valors per defecte del "
"sistema."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9036,8 +9782,8 @@ msgid ""
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
-"Especifica l'UID de l'usuari al valor d'<replaceable>UID</replaceable>. Si "
-"no es dóna, és seleccionat automàticament."
+"Estableix l'UID de l'usuari al valor de l'<replaceable>UID</replaceable>. Si "
+"no se'n proporciona cap, es tria automàticament."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
@@ -9054,8 +9800,8 @@ msgid ""
"Any text string describing the user. Often used as the field for the user's "
"full name."
msgstr ""
-"Qualsevol cadena de text que descriu a l'usuari. Sovint s'utilitza com el "
-"camp pel nom i cognoms de l'usuari."
+"Qualsevol cadena de text amb la descripció de l'usuari. Sovint s'utilitza "
+"com a camp per al nom complet de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
@@ -9063,7 +9809,7 @@ msgid ""
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
"replaceable>"
msgstr ""
-"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"<option>-h</option>,<option>--home</option> <replaceable>DIRECTORI_INICIAL</"
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
@@ -9075,19 +9821,18 @@ msgid ""
"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
"baseDirectory</quote> setting in sssd.conf."
msgstr ""
-"El directori personal del compte d'usuari. Per defecte s'afegeix el "
-"<replaceable>NOM D'USUARI</replaceable> a <filename>/ home</filename> i "
-"s'utilitza allò com el directori personal. La base que s'afegeix abans del "
-"<replaceable>NOM D'USUARI</replaceable> és personalitzable amb el paràmetre "
-"<quote>user_defaults/baseDirectory</quote> de l'sssd.conf."
+"El directori inicial del compte de l'usuari. Per defecte s'afegeix "
+"l'<replaceable>USUARI</replaceable> a <filename>/home</filename> i "
+"s'utilitza aquest com el directori inicial. La base que s'afegeix abans de "
+"l'<replaceable>USUARI</replaceable> es pot personalitzar amb l'ajust "
+"<quote>user_defaults/baseDirectory</quote> a l'sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
msgid ""
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
msgstr ""
-"<option>-s</option>,<option>--shell</option> <replaceable>INTÈRPRET "
-"D'ORDRES</replaceable>"
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:87
@@ -9096,8 +9841,8 @@ msgid ""
"filename>. The default can be changed with <quote>user_defaults/"
"defaultShell</quote> setting in sssd.conf."
msgstr ""
-"L'intèrpret d'ordres de l'usuari. Per defecte és <filename>/bin/bash</"
-"filename>. Es pot canviar el valor per defecte amb el paràmetre "
+"El shell d'inici de sessió de l'usuari. Per defecte és <filename>/bin/bash</"
+"filename>. Es pot canviar el valor per defecte amb l'ajust "
"<quote>user_defaults/defaultShell</quote> de l'sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9112,7 +9857,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:101
msgid "A list of existing groups this user is also a member of."
-msgstr "Una llista dels grups existents on n'és també membre aquest usuari."
+msgstr "Una llista dels grups existents que aquest usuari també n'és membre."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:107
@@ -9126,9 +9871,9 @@ msgid ""
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
msgstr ""
-"Crea el directori personal de l'usuari si no existeix. Al directori personal "
-"es copiaran els fitxers i directoris continguts en el directori esquelet "
-"(que es pot definir amb l'opció -k o en el fitxer de configuració)."
+"Crea el directori inicial de l'usuari si no existeix. Al directori inicial "
+"es copiaran els fitxers i els directoris continguts al directori esquemàtic "
+"(que es pot definir amb l'opció -k o al fitxer de configuració)."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:121
@@ -9140,7 +9885,7 @@ msgstr "<option>-M</option>,<option>--no-create-home</option>"
msgid ""
"Do not create the user's home directory. Overrides configuration settings."
msgstr ""
-"No crea el directori personal de l'usuari. Invalida els paràmetres de "
+"No crea el directori inicial de l'usuari. Substitueix els ajusts de la "
"configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
@@ -9149,8 +9894,8 @@ msgid ""
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
"replaceable>"
msgstr ""
-"<option>-k</option>,<option>--skel</option> <replaceable>DIRECTORI ESQUELET</"
-"replaceable>"
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>DIRECTORI_ESQUEMÀTIC</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:137
@@ -9159,6 +9904,9 @@ msgid ""
"the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
msgstr ""
+"El directori esquemàtic que conté els fitxers i els directoris per copiar al "
+"directori inicial de l'usuari, quan es crea el directori inicial amb "
+"<command>sss_useradd</command>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:143
@@ -9166,6 +9914,8 @@ msgid ""
"Special files (block devices, character devices, named pipes and unix "
"sockets) will not be copied."
msgstr ""
+"No es copiaran els fitxers especials (dispositius de blocs, dispositius de "
+"caràcters, canonades amb noms i sòcols d'UNIX)."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_useradd.8.xml:147
@@ -9174,6 +9924,9 @@ msgid ""
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
msgstr ""
+"Aquesta opció tan sols és vàlida si s'especifica l'opció <option>-m</option> "
+"(o <option>--create-home</option>), o bé la creació dels directoris inicials "
+"està establerta a TRUE a la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
@@ -9188,11 +9941,13 @@ msgid ""
"The SELinux user for the user's login. If not specified, the system default "
"will be used."
msgstr ""
+"L'usuari de SELinux per a l'inici de sessió de l'usuari. Si no s'especifica, "
+"s'utilitzarà el predeterminat del sistema."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
msgid "sssd-krb5"
-msgstr ""
+msgstr "sssd-krb5"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-krb5.5.xml:17
@@ -9264,7 +10019,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:113
msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
-msgstr ""
+msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:116
@@ -9286,12 +10041,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
msgid "Default: Use the KDC"
-msgstr ""
+msgstr "Per defecte: Utilitza el KDC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:135
msgid "krb5_ccachedir (string)"
-msgstr ""
+msgstr "krb5_ccachedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:138
@@ -9304,37 +10059,37 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:145
msgid "Default: /tmp"
-msgstr ""
+msgstr "Per defecte: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:151
msgid "krb5_ccname_template (string)"
-msgstr ""
+msgstr "krb5_ccname_template (cadena)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
msgid "%u"
-msgstr ""
+msgstr "%u"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
msgid "login name"
-msgstr ""
+msgstr "nom d'usuari"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
msgid "%U"
-msgstr ""
+msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:170
msgid "login UID"
-msgstr ""
+msgstr "UID de l'usuari"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:173
msgid "%p"
-msgstr ""
+msgstr "%p"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:174
@@ -9344,22 +10099,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:178
msgid "%r"
-msgstr ""
+msgstr "%r"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:179
msgid "realm name"
-msgstr ""
+msgstr "nom real"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:182
msgid "%h"
-msgstr ""
+msgstr "%h"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
msgid "home directory"
-msgstr ""
+msgstr "directori inicial"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
@@ -9384,7 +10139,7 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:199 include/override_homedir.xml:45
msgid "%%"
-msgstr ""
+msgstr "%%"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:200 include/override_homedir.xml:46
@@ -9434,12 +10189,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:234
msgid "Default: (from libkrb5)"
-msgstr ""
+msgstr "Per defecte: (del libkrb5)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:240
msgid "krb5_auth_timeout (integer)"
-msgstr ""
+msgstr "krb5_auth_timeout (enter)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:243
@@ -9463,7 +10218,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:272
msgid "krb5_keytab (string)"
-msgstr ""
+msgstr "krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:275
@@ -9475,12 +10230,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:279
msgid "Default: /etc/krb5.keytab"
-msgstr ""
+msgstr "Per defecte: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:285
msgid "krb5_store_password_if_offline (boolean)"
-msgstr ""
+msgstr "krb5_store_password_if_offline (booleà)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:288
@@ -9500,7 +10255,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:306
msgid "krb5_renewable_lifetime (string)"
-msgstr ""
+msgstr "krb5_renewable_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:309
@@ -9512,22 +10267,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
msgid "<emphasis>s</emphasis> for seconds"
-msgstr ""
+msgstr "<emphasis>s</emphasis> per segons"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
msgid "<emphasis>m</emphasis> for minutes"
-msgstr ""
+msgstr "<emphasis>m</emphasis> per minuts"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
msgid "<emphasis>h</emphasis> for hours"
-msgstr ""
+msgstr "<emphasis>h</emphasis> per hores"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
msgid "<emphasis>d</emphasis> for days."
-msgstr ""
+msgstr "<emphasis>d</emphasis> per dies."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
@@ -9549,7 +10304,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:341
msgid "krb5_lifetime (string)"
-msgstr ""
+msgstr "krb5_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:344
@@ -9579,7 +10334,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:376
msgid "krb5_renew_interval (string)"
-msgstr ""
+msgstr "krb5_renew_interval (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:379
@@ -9621,7 +10376,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:453
msgid "krb5_fast_principal (string)"
-msgstr ""
+msgstr "krb5_fast_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:456
@@ -9643,7 +10398,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:520
msgid "krb5_map_user (string)"
-msgstr ""
+msgstr "krb5_map_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:523
@@ -9662,6 +10417,8 @@ msgid ""
"krb5_realm = REALM\n"
"krb5_map_user = joe:juser,dick:richard\n"
msgstr ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:540
@@ -9701,16 +10458,20 @@ msgid ""
"krb5_server = 192.168.1.1\n"
"krb5_realm = EXAMPLE.COM\n"
msgstr ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXEMPLE.COM\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
msgid "sss_groupadd"
-msgstr ""
+msgstr "sss_groupadd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupadd.8.xml:16
msgid "create a new group"
-msgstr ""
+msgstr "crea un nou grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupadd.8.xml:21
@@ -9719,6 +10480,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupadd.8.xml:32
@@ -9727,12 +10490,16 @@ msgid ""
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
msgstr ""
+"<command>sss_groupadd</command> crea un nou grup. Aquests grups són "
+"compatibles amb els grups POSIX, amb la característica addicional que poden "
+"contenir altres grups com a membres."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
msgid ""
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
msgstr ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupadd.8.xml:48
@@ -9740,16 +10507,18 @@ msgid ""
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
msgstr ""
+"Estableix el GID del grup al valor del <replaceable>GID</replaceable>. Si no "
+"se'n proporciona cap, es tria automàticament."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
msgid "sss_userdel"
-msgstr ""
+msgstr "sss_userdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_userdel.8.xml:16
msgid "delete a user account"
-msgstr ""
+msgstr "suprimeix el compte d'un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_userdel.8.xml:21
@@ -9758,6 +10527,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_userdel.8.xml:32
@@ -9765,11 +10537,13 @@ msgid ""
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
msgstr ""
+"<command>sss_userdel</command> suprimeix un usuari identificat amb el nom "
+"d'usuari <replaceable>USUARI</replaceable> del sistema."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:44
msgid "<option>-r</option>,<option>--remove</option>"
-msgstr ""
+msgstr "<option>-r</option>,<option>--remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:48
@@ -9777,6 +10551,9 @@ msgid ""
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
+"Els fitxers al directori inicial de l'usuari seran eliminats juntament amb "
+"el mateix directori inicial i la gestió de cues del correu de l'usuari. "
+"Substitueix la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:56
@@ -9789,6 +10566,9 @@ msgid ""
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
msgstr ""
+"Els fitxers al directori inicial de l'usuari no seran eliminats juntament "
+"amb el mateix directori inicial i la gestió de cues del correu de l'usuari. "
+"Substitueix la configuració."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:68
@@ -9801,26 +10581,29 @@ msgid ""
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
msgstr ""
+"Aquesta opció obliga a <command>sss_userdel</command> a suprimir el "
+"directori inicial i la gestió de cues del correu de l'usuari, encara que no "
+"siguin de la propietat de l'usuari especificat."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_userdel.8.xml:80
msgid "<option>-k</option>,<option>--kick</option>"
-msgstr ""
+msgstr "<option>-k</option>,<option>--kick</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_userdel.8.xml:84
msgid "Before actually deleting the user, terminate all his processes."
-msgstr ""
+msgstr "Abans d'eliminar realment a l'usuari, acaba tots els seus processos."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
msgid "sss_groupdel"
-msgstr ""
+msgstr "sss_groupdel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupdel.8.xml:16
msgid "delete a group"
-msgstr ""
+msgstr "suprimeix un grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupdel.8.xml:21
@@ -9829,6 +10612,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupdel.8.xml:32
@@ -9836,16 +10621,18 @@ msgid ""
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
msgstr ""
+"<command>sss_groupdel</command> suprimeix un grup identificat amb el seu nom "
+"de <replaceable>GRUP</replaceable> del sistema."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
msgid "sss_groupshow"
-msgstr ""
+msgstr "sss_groupshow"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_groupshow.8.xml:16
msgid "print properties of a group"
-msgstr ""
+msgstr "imprimeix les propietats d'un grup"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_groupshow.8.xml:21
@@ -9854,6 +10641,8 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"arg>"
msgstr ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GRUP</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_groupshow.8.xml:32
@@ -9862,11 +10651,14 @@ msgid ""
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
msgstr ""
+"<command>sss_groupshow</command> mostra la informació sobre un grup "
+"identificat amb el seu nom de <replaceable>GRUP</replaceable>. La informació "
+"inclou el número de l'id. del grup, els membres del grup i el grup primari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_groupshow.8.xml:43
msgid "<option>-R</option>,<option>--recursive</option>"
-msgstr ""
+msgstr "<option>-R</option>,<option>--recursive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_groupshow.8.xml:47
@@ -9879,12 +10671,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
msgid "sss_usermod"
-msgstr ""
+msgstr "sss_usermod"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_usermod.8.xml:16
msgid "modify a user account"
-msgstr ""
+msgstr "modifica el compte d'un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_usermod.8.xml:21
@@ -9893,6 +10685,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"arg>"
msgstr ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>OPCIONS</"
+"replaceable></arg> <arg choice='plain'> <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_usermod.8.xml:32
@@ -9901,16 +10696,19 @@ msgid ""
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"on the command line."
msgstr ""
+"<command>sss_usermod</command> modifica el compte especificat amb "
+"<replaceable>USUARI</replaceable> per reflectir els canvis que "
+"s'especifiquen a la línia d'ordres."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:60
msgid "The home directory of the user account."
-msgstr ""
+msgstr "El directori inicial del compte de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:71
msgid "The user's login shell."
-msgstr ""
+msgstr "El shell d'inici de sessió de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:82
@@ -9919,6 +10717,9 @@ msgid ""
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
msgstr ""
+"Annexa aquest usuari als grups que s'especifiquen amb el paràmetre dels "
+"<replaceable>GRUPS</replaceable>. El paràmetre dels <replaceable>GRUPS</"
+"replaceable> és una llista delimitada per comes dels noms dels grups."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:96
@@ -9930,42 +10731,44 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:103
msgid "<option>-l</option>,<option>--lock</option>"
-msgstr ""
+msgstr "<option>-l</option>,<option>--lock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:107
msgid "Lock the user account. The user won't be able to log in."
-msgstr ""
+msgstr "Bloqueja el compte de l'usuari. L'usuari no podrà iniciar la sessió."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:114
msgid "<option>-u</option>,<option>--unlock</option>"
-msgstr ""
+msgstr "<option>-u</option>,<option>--unlock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:118
msgid "Unlock the user account."
-msgstr ""
+msgstr "Desbloqueja el compte de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:129
msgid "The SELinux user for the user's login."
-msgstr ""
+msgstr "L'usuari de SELinux per a l'inici de sessió de l'usuari."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:135
msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--addattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:140
msgid "Add an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Afegeix una parella atribut/valor. El format és nomatribut=valor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:147
msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--setattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:152
@@ -9973,26 +10776,30 @@ msgid ""
"Set an attribute to a name/value pair. The format is attrname=value. For "
"multi-valued attributes, the command replaces the values already present"
msgstr ""
+"Estableix un atribut a la parella nom/valor. El format és nomatribut=valor. "
+"Per als atributs amb múltiples valors, l'ordre substitueix els valors ja "
+"presents"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_usermod.8.xml:160
msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgstr ""
+"<option>--delattr</option> <replaceable>NOM_ATRIBUT_VALOR</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_usermod.8.xml:165
msgid "Delete an attribute/value pair. The format is attrname=value."
-msgstr ""
+msgstr "Elimina una parella atribut/valor. El format és nomatribut=valor."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_cache.8.xml:10 sss_cache.8.xml:15
msgid "sss_cache"
-msgstr ""
+msgstr "sss_cache"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_cache.8.xml:16
msgid "perform cache cleanup"
-msgstr ""
+msgstr "fa neteja de la memòria cau"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_cache.8.xml:21
@@ -10000,6 +10807,8 @@ msgid ""
"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg>"
msgstr ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_cache.8.xml:31
@@ -10008,32 +10817,39 @@ msgid ""
"records are forced to be reloaded from server as soon as related SSSD "
"backend is online."
msgstr ""
+"<command>sss_cache</command> invalida els registres a la memòria cau de "
+"l'SSSD. Els registres invalidats es veuen obligats a recarregar-se des del "
+"servidor tan aviat com la capa d'accés de dades implicada de l'SSSD estigui "
+"en línia."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:42
msgid "<option>-E</option>,<option>--everything</option>"
-msgstr ""
+msgstr "<option>-E</option>,<option>--everything</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:46
msgid "Invalidate all cached entries except for sudo rules."
msgstr ""
+"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
+"sudo."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:52
msgid ""
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>usuari</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:57
msgid "Invalidate specific user."
-msgstr ""
+msgstr "Invalida un usuari específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:63
msgid "<option>-U</option>,<option>--users</option>"
-msgstr ""
+msgstr "<option>-U</option>,<option>--users</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:67
@@ -10041,22 +10857,25 @@ msgid ""
"Invalidate all user records. This option overrides invalidation of specific "
"user if it was also set."
msgstr ""
+"Invalida tots els registres dels usuaris. Aquesta opció anul·la la "
+"invalidació d'un usuari específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:74
msgid ""
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:79
msgid "Invalidate specific group."
-msgstr ""
+msgstr "Invalida un grup específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:85
msgid "<option>-G</option>,<option>--groups</option>"
-msgstr ""
+msgstr "<option>-G</option>,<option>--groups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:89
@@ -10064,6 +10883,8 @@ msgid ""
"Invalidate all group records. This option overrides invalidation of specific "
"group if it was also set."
msgstr ""
+"Invalida tots els registres dels grups. Aquesta opció anul·la la invalidació "
+"d'un grup específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:96
@@ -10071,16 +10892,18 @@ msgid ""
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
"replaceable>"
msgstr ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>grup-de-xarxa</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:101
msgid "Invalidate specific netgroup."
-msgstr ""
+msgstr "invalida un grup de xarxa específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:107
msgid "<option>-N</option>,<option>--netgroups</option>"
-msgstr ""
+msgstr "<option>-N</option>,<option>--netgroups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:111
@@ -10088,6 +10911,8 @@ msgid ""
"Invalidate all netgroup records. This option overrides invalidation of "
"specific netgroup if it was also set."
msgstr ""
+"Invalida tots els registres dels grups de xarxa. Aquesta opció anul·la la "
+"invalidació d'un grup de xarxa específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:118
@@ -10095,16 +10920,18 @@ msgid ""
"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--service</option> <replaceable>servei</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:123
msgid "Invalidate specific service."
-msgstr ""
+msgstr "invalida un servei específic."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:129
msgid "<option>-S</option>,<option>--services</option>"
-msgstr ""
+msgstr "<option>-S</option>,<option>--services</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:133
@@ -10112,6 +10939,8 @@ msgid ""
"Invalidate all service records. This option overrides invalidation of "
"specific service if it was also set."
msgstr ""
+"Invalida tots els registres dels serveis. Aquesta opció anul·la la "
+"invalidació d'un servei específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:140
@@ -10119,16 +10948,18 @@ msgid ""
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
"replaceable>"
msgstr ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>assignació-"
+"autofs</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:145
msgid "Invalidate specific autofs maps."
-msgstr ""
+msgstr "Invalida una assignació autofs específica."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:151
msgid "<option>-A</option>,<option>--autofs-maps</option>"
-msgstr ""
+msgstr "<option>-A</option>,<option>--autofs-maps</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:155
@@ -10136,6 +10967,9 @@ msgid ""
"Invalidate all autofs maps. This option overrides invalidation of specific "
"map if it was also set."
msgstr ""
+"Invalida tots els registres de les assignacions autofs. Aquesta opció "
+"anul·la la invalidació d'una assignació autofs específica, si també es va "
+"especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:162
@@ -10143,16 +10977,18 @@ msgid ""
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
"replaceable>"
msgstr ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>nom-amfitrió</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:167
msgid "Invalidate SSH public keys of a specific host."
-msgstr ""
+msgstr "Invalida les claus públiques SSH d'un amfitrió especific."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:173
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
-msgstr ""
+msgstr "<option>-H</option>,<option>--ssh-hosts</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:177
@@ -10160,28 +10996,74 @@ msgid ""
"Invalidate SSH public keys of all hosts. This option overrides invalidation "
"of SSH public keys of specific host if it was also set."
msgstr ""
+"Invalida tots els registres de les claus públiques SSH de tots els "
+"amfitrions. Aquesta opció anul·la la invalidació d'una clau pública SSH d'un "
+"amfitrió específic, si també es va especificar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>grup</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
-msgid "Restrict invalidation process only to a particular domain."
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr ""
+"Invalida totes les entrades de la memòria cau amb l'excepció de les regles "
+"sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
msgstr ""
+"Invalida tots els registres dels usuaris. Aquesta opció anul·la la "
+"invalidació d'un usuari específic, si també es va especificar."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domini</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
+msgid "Restrict invalidation process only to a particular domain."
+msgstr "Restringeix el procés d'invalidació a tan sols un domini concret."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
msgid "sss_debuglevel"
-msgstr ""
+msgstr "sss_debuglevel"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_debuglevel.8.xml:16
msgid "change debug level while SSSD is running"
-msgstr ""
+msgstr "canvia el nivell de depuració mentre s'està executant l'SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_debuglevel.8.xml:21
@@ -10190,6 +11072,9 @@ msgid ""
"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
"replaceable></arg>"
msgstr ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg "
+"choice='plain'><replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_debuglevel.8.xml:32
@@ -10198,21 +11083,24 @@ msgid ""
"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
"running."
msgstr ""
+"<command>sss_debuglevel</command> canvia el nivell de depuració del monitor "
+"i dels proveïdors de l'SSSD monitor al <replaceable>NOU_NIVELL_DE_DEPURACIÓ</"
+"replaceable> mentre s'està executant l'SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_debuglevel.8.xml:59
msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
-msgstr ""
+msgstr "<replaceable>NOU_NIVELL_DE_DEPURACIÓ</replaceable>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_seed.8.xml:10 sss_seed.8.xml:15
msgid "sss_seed"
-msgstr ""
+msgstr "sss_seed"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_seed.8.xml:16
msgid "seed the SSSD cache with a user"
-msgstr ""
+msgstr "implanta la memòria cau de l'SSSD amb un usuari"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_seed.8.xml:21
@@ -10222,6 +11110,10 @@ msgid ""
"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
"arg>"
msgstr ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>opcions</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMINI</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USUARI</replaceable></"
+"arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:33
@@ -10230,6 +11122,10 @@ msgid ""
"temporary password. If a user entry is already present in the SSSD cache "
"then the entry is updated with the temporary password."
msgstr ""
+"<command>sss_seed</command> implanta la memòria cau de l'SSSD amb una "
+"entrada d'un usuari i la contrasenya temporal. Si l'entrada d'un usuari ja "
+"està present a la memòria cau de l'SSSD aleshores s'actualitza l'entrada amb "
+"la contrasenya temporal."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:46
@@ -10237,6 +11133,8 @@ msgid ""
"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
"replaceable>"
msgstr ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMINI</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:51
@@ -10247,6 +11145,11 @@ msgid ""
"Information retrieved from the domain overrides what is provided in the "
"options."
msgstr ""
+"Proporciona el nom del domini en el qual l'usuari n'és membre. El domini "
+"també s'utilitza per recuperar la informació de l'usuari. El domini ha "
+"d'estar configurat a l'sssd.conf. S'ha de proporcionar l'opció del "
+"<replaceable>DOMINI</replaceable>. La informació recuperada del domini "
+"anul·la aquella que es proporcioni a les opcions."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:63
@@ -10261,27 +11164,33 @@ msgid ""
"The username of the entry to be created or modified in the cache. The "
"<replaceable>USER</replaceable> option must be provided."
msgstr ""
+"L'entrada del nom d'usuari a crear o modificar a la memòria cau. S'ha de "
+"proporcionar l'opció de l'<replaceable>USUARI</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:81
msgid "Set the UID of the user to <replaceable>UID</replaceable>."
-msgstr ""
+msgstr "Estableix l'UID de l'usuari a <replaceable>UID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:93
msgid "Set the GID of the user to <replaceable>GID</replaceable>."
-msgstr ""
+msgstr "Estableix el GID de l'usuari a <replaceable>GID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:117
msgid ""
"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
msgstr ""
+"Establix el directori inicial de l'usuari a <replaceable>DIRECTORI_INICIAL</"
+"replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:129
msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
msgstr ""
+"Estableix el shell d'inici de sessió de l'usuari a <replaceable>SHELL</"
+"replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:140
@@ -10289,6 +11198,9 @@ msgid ""
"Interactive mode for entering user information. This option will only prompt "
"for information not provided in the options or retrieved from the domain."
msgstr ""
+"Mode interactiu per a la introducció de la informació de l'usuari. Aquesta "
+"opció només demanà la informació no proporcionada a les opcions o que no es "
+"recuperi del domini."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_seed.8.xml:148
@@ -10296,6 +11208,8 @@ msgid ""
"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
"replaceable>"
msgstr ""
+"<option>-p</option>,<option>--password-file</option> "
+"<replaceable>FITXER_CONTRASENYA</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_seed.8.xml:153
@@ -10303,6 +11217,8 @@ msgid ""
"Specify file to read user's password from. (if not specified password is "
"prompted for)"
msgstr ""
+"Especifica el fitxer des d'on llegir la contrasenya de l'usuari. (si no "
+"s'especifica, es demana per la contrasenya)"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_seed.8.xml:165
@@ -10311,16 +11227,20 @@ msgid ""
"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
"on systems with no globally-defined PASS_MAX value)."
msgstr ""
+"La longitud de la contrasenya (o la mida del fitxer que s'especifica amb "
+"l'opció -p o --password-file) ha de ser més petita o igual que PASS_MAX "
+"bytes (64 bytes en els sistemes que no defineixen globalment el valor de "
+"PASS_MAX)."
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
msgid "sssd-ifp"
-msgstr ""
+msgstr "sssd-ifp"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sssd-ifp.5.xml:17
msgid "SSSD InfoPipe responder"
-msgstr ""
+msgstr "contestador de l'InfoPipe de l'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:23
@@ -10331,6 +11251,12 @@ msgid ""
"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+"En aquesta pàgina del manual es descriu la configuració del contestador de "
+"l'InfoPipe per a <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. Per a una referència detallada de "
+"la sintaxi, consulteu la secció <quote>FORMAT DEL FITXER</quote> de la "
+"pàgina del manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:36
@@ -10339,11 +11265,17 @@ msgid ""
"system bus. The interface allows the user to query information about remote "
"users and groups over the system bus."
msgstr ""
+"El contestador de l'InfoPipe proporciona una interfície D-Bus publica que es "
+"pot accedir a través del bus del sistema. La interfície permet que l'usuari "
+"consulti informació sobre els usuaris i els grups remots a través del bus "
+"del sistema."
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ifp.5.xml:46
msgid "These options can be used to configure the InfoPipe responder."
msgstr ""
+"Es poden utilitzar aquestes opcions per configurar el contestador de "
+"l'InfoPipe."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:53
@@ -10352,12 +11284,17 @@ msgid ""
"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica una llista separada per comes dels valors dels UID o dels noms "
+"d'usuaris que estan assignats per accedir al contestador de l'InfoPipe. Els "
+"noms d'usuaris es resolen als UID en la preparació."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:59
msgid ""
"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
msgstr ""
+"Per defecte: 0 (únicament a l'usuari root se li permet l'accés al "
+"contestador de l'InfoPipe)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:63
@@ -10367,66 +11304,72 @@ msgid ""
"access the InfoPipe responder, which would be the typical case, you have to "
"add 0 to the list of allowed UIDs as well."
msgstr ""
+"Tingueu en compte que encara que s'utilitzi l'UID 0 com a valor per defecte "
+"se sobreescriurà amb aquesta opció. Si encara voleu permetre que l'usuari "
+"root accedeixi al contestador de l'InfoPipe, el que seria el cas típic, "
+"també cal afegir 0 a la llista dels UID permesos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:77
msgid "Specifies the comma-separated list of white or blacklisted attributes."
msgstr ""
+"Especifica una llista separada per comes dels atributs de la llista negra o "
+"blanca."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:91
msgid "name"
-msgstr ""
+msgstr "name"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:92
msgid "user's login name"
-msgstr ""
+msgstr "nom d'inici de sessió de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:95
msgid "uidNumber"
-msgstr ""
+msgstr "uidNumber"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:96
msgid "user ID"
-msgstr ""
+msgstr "id. de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:99
msgid "gidNumber"
-msgstr ""
+msgstr "gidNumber"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:100
msgid "primary group ID"
-msgstr ""
+msgstr "id. del grup primari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:103
msgid "gecos"
-msgstr ""
+msgstr "gecos"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:104
msgid "user information, typically full name"
-msgstr ""
+msgstr "informació de l'usuari, normalment el nom complet "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:107
msgid "homeDirectory"
-msgstr ""
+msgstr "homeDirectory"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#: sssd-ifp.5.xml:111
msgid "loginShell"
-msgstr ""
+msgstr "loginShell"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:112
msgid "user shell"
-msgstr ""
+msgstr "shell de l'usuari"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:81
@@ -10437,6 +11380,11 @@ msgid ""
"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
+"Per defecte, el contestador de l'InfoPipe únicament permet que se "
+"sol·licitin el conjunt per defecte dels atributs POSIX. Aquest conjunt és el "
+"mateix que es retorna amb <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> i inclou: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#: sssd-ifp.5.xml:125
@@ -10445,6 +11393,8 @@ msgid ""
"user_attributes = +telephoneNumber, -loginShell\n"
" "
msgstr ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:117
@@ -10455,11 +11405,18 @@ msgid ""
"deny <quote>loginShell</quote>, you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
+"Es poden afegir altres atributs a aquest conjunt amb <quote>+nom_atribut</"
+"quote> o suprimir explícitament un atribut amb <quote>-nom_atribut</quote>. "
+"Per exemple, per permetre <quote>telephoneNumber</quote> però denegar "
+"<quote>loginShell</quote>, podríeu utilitzar la següent configuració: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:129
msgid "Default: not set. Only the default set of POSIX attributes is allowed."
msgstr ""
+"Per defecte: sense establir. Únicament es permet el conjunt per defecte dels "
+"atributs POSIX."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sssd-ifp.5.xml:139
@@ -10483,21 +11440,27 @@ msgid ""
"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
"author>"
msgstr ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Desenvolupador (2013-2014)</contrib> "
+"</author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Desenvolupador (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
msgid "sss_rpcidmapd"
-msgstr ""
+msgstr "sss_rpcidmapd"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_rpcidmapd.5.xml:33
msgid "sss plugin configuration directives for rpc.idmapd"
-msgstr ""
+msgstr "les directrius de configuració del complement sss per al rpc.idmapd"
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:37
msgid "CONFIGURATION FILE"
-msgstr ""
+msgstr "FITXER DE CONFIGURACIÓ"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:39
@@ -10506,16 +11469,19 @@ msgid ""
"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
msgstr ""
+"El fitxer de configuració rpc.idmapd normalment es troba a <emphasis>/etc/"
+"idmapd.conf</emphasis>. Vegeu <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per més informació."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:49
msgid "SSS CONFIGURATION EXTENSION"
-msgstr ""
+msgstr "AMPLIACIÓ DE LA CONFIGURACIÓ DE L'SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:51
msgid "Enable SSS plugin"
-msgstr ""
+msgstr "Habilita el complement SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:53
@@ -10523,11 +11489,13 @@ msgid ""
"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
"attribute to contain <emphasis>sss</emphasis>."
msgstr ""
+"En la secció <quote>[Translation]</quote>, modifiqueu o establiu l'atribut "
+"<quote>Method</quote> per abastar <emphasis>sss</emphasis>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:59
msgid "[sss] config section"
-msgstr ""
+msgstr "Secció de configuració [sss]"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:61
@@ -10536,26 +11504,30 @@ msgid ""
"<emphasis>sss</emphasis> plugin listed below you will need to create a "
"config section for it, named <quote>[sss]</quote>."
msgstr ""
+"Per canviar el valor per defecte d'un dels atributs de configuració del "
+"connector de l'<emphasis>sss</emphasis> que es llisten a continuació, "
+"necessitareu crear-li una secció de configuració, anomenada <quote>[sss]</"
+"quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#: sss_rpcidmapd.5.xml:67
msgid "Configuration attributes"
-msgstr ""
+msgstr "Atributs de configuració"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#: sss_rpcidmapd.5.xml:69
msgid "memcache (bool)"
-msgstr ""
+msgstr "memcache (booleà)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sss_rpcidmapd.5.xml:72
msgid "Indicates whether or not to use memcache optimisation technique."
-msgstr ""
+msgstr "Indica si s'utilitza o no la tècnica d'optimització de la memòria cau."
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:85
msgid "SSSD INTEGRATION"
-msgstr ""
+msgstr "INTEGRACIÓ DE L'SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:87
@@ -10563,6 +11535,8 @@ msgid ""
"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
"in sssd."
msgstr ""
+"El connector sss requereix que s'habiliti el <emphasis>contestador del NSS</"
+"emphasis> al sssd."
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:91
@@ -10571,6 +11545,9 @@ msgid ""
"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
"wire)."
msgstr ""
+"L'atribut <quote>use_fully_qualified_names</quote> ha d'estar habilitat en "
+"tots els dominis (els clients de NFSv4 esperen un FQN per a ser enviats al "
+"cable)."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sss_rpcidmapd.5.xml:103
@@ -10589,6 +11566,18 @@ msgid ""
"[Translation]\n"
"Method = sss\n"
msgstr ""
+"[General]\n"
+"Verbosity = 2\n"
+"# el domini ha de sincronitzar-se entre el servidor i els clients del NFSv4\n"
+"# Solaris/Illumos/AIX utilitzen \"localdomain\" com a predeterminat!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:100
@@ -10596,6 +11585,8 @@ msgid ""
"The following example shows a minimal idmapd.conf which makes use of the sss "
"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
+"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector "
+"sss. <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2
@@ -10609,21 +11600,24 @@ msgid ""
"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
msgid "sss_ssh_authorizedkeys"
-msgstr ""
+msgstr "sss_ssh_authorizedkeys"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
msgid "1"
-msgstr ""
+msgstr "1"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_ssh_authorizedkeys.1.xml:16
msgid "get OpenSSH authorized keys"
-msgstr ""
+msgstr "obté les claus autoritzades de l'OpenSSH"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_ssh_authorizedkeys.1.xml:21
@@ -10632,6 +11626,9 @@ msgid ""
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>USER</replaceable></arg>"
msgstr ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>opcions</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USUARI</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:32
@@ -10645,25 +11642,41 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of LDAP domains for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+#| "information."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
+"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
+"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
+"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
+"informació detallada de la sintaxi."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
" AuthorizedKeysCommandUser nobody\n"
msgstr ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10673,36 +11686,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10710,12 +11706,12 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
msgid "sss_ssh_knownhostsproxy"
-msgstr ""
+msgstr "sss_ssh_knownhostsproxy"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_ssh_knownhostsproxy.1.xml:16
msgid "get OpenSSH host keys"
-msgstr ""
+msgstr "obté les claus de l'amfitrió de l'OpenSSH"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: sss_ssh_knownhostsproxy.1.xml:21
@@ -10767,6 +11763,7 @@ msgstr ""
msgid ""
"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
msgstr ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_ssh_knownhostsproxy.1.xml:71
@@ -10797,7 +11794,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
msgid "Configuration"
-msgstr ""
+msgstr "Configuració"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:11
@@ -10814,7 +11811,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:23
msgid "The domain name"
-msgstr ""
+msgstr "El nom del domini"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:25
@@ -10827,7 +11824,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:35
msgid "The protocol"
-msgstr ""
+msgstr "El protocol"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:37
@@ -10839,7 +11836,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/service_discovery.xml:42
msgid "See Also"
-msgstr ""
+msgstr "Vegeu també"
#. type: Content of: <refsect1><refsect2><para>
#: include/service_discovery.xml:44
@@ -10850,7 +11847,7 @@ msgstr ""
#. type: Content of: outside any tag (error?)
#: include/upstream.xml:1
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
-msgstr ""
+msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
@@ -11069,7 +12066,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:120
msgid "ldap_idmap_range_min (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_min (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:123
@@ -11089,14 +12086,14 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
-msgstr ""
+msgstr "Per defecte: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:142
msgid "ldap_idmap_range_max (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_max (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:145
@@ -11118,12 +12115,12 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:159
msgid "Default: 2000200000"
-msgstr ""
+msgstr "Per defecte: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
#: include/ldap_id_mapping.xml:164
msgid "ldap_idmap_range_size (integer)"
-msgstr ""
+msgstr "ldap_idmap_range_size (enter)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:167
@@ -11146,11 +12143,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -11158,12 +12156,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
-msgstr ""
+msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -11171,36 +12169,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
-msgstr ""
+msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
-msgstr ""
+msgstr "ldap_idmap_autorid_compat (booleà)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -11209,13 +12207,36 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (enter)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -11224,51 +12245,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -11288,12 +12309,12 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: include/param_help.xml:7 include/param_help_py.xml:7
msgid "Display help message and exit."
-msgstr ""
+msgstr "Mostra el missatge d'ajuda i surt."
#. type: Content of: <varlistentry><term>
#: include/param_help_py.xml:3
msgid "<option>-h</option>,<option>--help</option>"
-msgstr ""
+msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:3
@@ -11304,6 +12325,12 @@ msgid ""
"is to specify a hexadecimal bitmask to enable or disable specific levels "
"(such as if you wish to suppress a level)."
msgstr ""
+"L'SSSD admet dues representacions per a l'especificació del nivell de "
+"depuració. La més senzilla és especificar un número del 0-9, que representa "
+"el que permet cada nivell i tots els missatges de depuració de nivell baix. "
+"L'opció més exhaustiva és especificar una màscara de bits en hexadecimal per "
+"activar o desactivar els nivells específics (per exemple, si voleu suprimir "
+"un nivell)."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:10
@@ -11314,6 +12341,12 @@ msgid ""
"responder or provider processes. The <quote>debug_level</quote> parameter "
"should be added to all sections that you wish to produce debug logs from."
msgstr ""
+"Si us plau, tingueu en compte que cadascun dels serveis de l'SSSD registra "
+"el seu fitxer propi de registre. També tingueu en compte que l'habilitació "
+"del <quote>debug_level</quote> a la secció <quote>[sssd]</quote>únicament "
+"habilita la depuració del mateix procés de l'sssd, no per al procés del "
+"contestador o del proveïdor. El paràmetre <quote>debug_level</quote> s'ha "
+"d'afegir en totes les seccions que vulgueu que generin registres."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:18
@@ -11324,11 +12357,16 @@ msgid ""
"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry> tool."
msgstr ""
+"A més de canviar el nivell del registre al fitxer de configuració amb el "
+"paràmetre <quote>debug_level</quote>, que és permanent, però requereix que "
+"es reiniciï l'SSSD, també és possible canviar el nivell de depuració al vol "
+"amb l'eina <citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:29
msgid "Currently supported debug levels:"
-msgstr ""
+msgstr "Els nivells de depuració que s'admeten actualment:"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:32
@@ -11337,6 +12375,9 @@ msgid ""
"Anything that would prevent SSSD from starting up or causes it to cease "
"running."
msgstr ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fallides fatals. "
+"Qualsevol cosa que impedeixi la posada en marxa de l'SSSD o provoqui el seu "
+"cessament."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:38
@@ -11345,6 +12386,9 @@ msgid ""
"error that doesn't kill the SSSD, but one that indicates that at least one "
"major feature is not going to work properly."
msgstr ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Fallides crítiques. Un "
+"error que no mata a l'SSSD, però un que indica que almenys hi ha una "
+"característica important que no funcionarà correctament."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:45
@@ -11352,6 +12396,8 @@ msgid ""
"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
"error announcing that a particular request or operation has failed."
msgstr ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Fallides serioses. Un "
+"error que anuncia que una petició o una operació en particular ha fallat."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:50
@@ -11359,17 +12405,23 @@ msgid ""
"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Fallides menors. "
+"Aquests són els errors que enterboleixen i poden fer fracassar l'operació "
+"dels 2."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:55
msgid ""
"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Ajusts de la "
+"configuració."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:59
msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
+"<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Dades de les funcions."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:63
@@ -11377,6 +12429,8 @@ msgid ""
"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
"operation functions."
msgstr ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Missatges de traça per "
+"al funcionament de les funcions."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:67
@@ -11384,6 +12438,8 @@ msgid ""
"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
"internal control functions."
msgstr ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Missatges de traça per "
+"a les funcions internes de control."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:72
@@ -11391,6 +12447,8 @@ msgid ""
"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
"internal variables that may be interesting."
msgstr ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contingut de les "
+"variables de les funcions internes que poden ser interessants."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:77
@@ -11398,6 +12456,8 @@ msgid ""
"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
"tracing information."
msgstr ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Informació de traçat "
+"extremadament de baix nivell."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:81
@@ -11405,6 +12465,9 @@ msgid ""
"To log required bitmask debug levels, simply add their numbers together as "
"shown in following examples:"
msgstr ""
+"Per registrar els nivells de depuració de la màscara de bits que es "
+"requereixi, només heu d'afegir els seus números com es mostra en els "
+"següents exemples:"
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:85
@@ -11412,6 +12475,9 @@ msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
+"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, les "
+"fallides crítiques, les fallides serioses i les dades de les funcions, "
+"utilitzeu0x0270."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:89
@@ -11419,6 +12485,9 @@ msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
+"<emphasis>Exemple</emphasis>: Per registrar les fallides fatals, els ajusts "
+"de la configuració, les dades de les funcions, els missatges de traça per a "
+"les funcions internes de control, utilitzeu 0x1310."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:94
@@ -11426,11 +12495,13 @@ msgid ""
"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
"in 1.7.0."
msgstr ""
+"<emphasis>Nota</emphasis>: El format de la màscara de bits dels nivells de "
+"depuració es va introduir en la versió 1.7.0."
#. type: Content of: <listitem><para>
#: include/debug_levels.xml:98
msgid "<emphasis>Default</emphasis>: 0"
-msgstr ""
+msgstr "<emphasis>Per defecte</emphasis>: 0"
#. type: Content of: outside any tag (error?)
#: include/experimental.xml:1
@@ -11442,7 +12513,7 @@ msgstr ""
#. type: Content of: <refsect1><title>
#: include/local.xml:2
msgid "THE LOCAL DOMAIN"
-msgstr ""
+msgstr "EL DOMINI LOCAL"
#. type: Content of: <refsect1><para>
#: include/local.xml:4
@@ -11450,6 +12521,8 @@ msgid ""
"In order to function correctly, a domain with <quote>id_provider=local</"
"quote> must be created and the SSSD must be running."
msgstr ""
+"Per a un funcionament correcte, s'ha de crear un domini amb "
+"<quote>id_provider=local</quote> i l'SSSD ha d'estar en execució."
#. type: Content of: <refsect1><para>
#: include/local.xml:9
@@ -11462,6 +12535,14 @@ msgid ""
"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
"local LDB storage to store users and groups."
msgstr ""
+"L'administrador pot ser que vulgui utilitzar els usuaris locals de l'SSSD en "
+"lloc dels usuaris tradicionals d'UNIX en els casos en què es requereixi la "
+"imbricació dels grups (vegeu <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>). Els usuaris locals "
+"també són útils per provar i desplegar l'SSSD sense haver de desplegar tot "
+"un servidor remot. Les eines <command>sss_user*</command> i "
+"<command>sss_group*</command> utilitzen l'emmagatzematge LDB local per "
+"emmagatzemar els usuaris i els grups."
#. type: Content of: <refsect1><para>
#: include/seealso.xml:4
@@ -11507,6 +12588,46 @@ msgid ""
"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
#. type: Content of: <listitem><para>
#: include/ldap_search_bases.xml:3
@@ -11560,7 +12681,7 @@ msgstr ""
#. type: Content of: <varlistentry><term>
#: include/override_homedir.xml:2
msgid "override_homedir (string)"
-msgstr ""
+msgstr "override_homedir (cadena)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#: include/override_homedir.xml:16
@@ -11636,7 +12757,7 @@ msgstr ""
#. type: Content of: <varlistentry><term>
#: include/homedir_substring.xml:2
msgid "homedir_substring (string)"
-msgstr ""
+msgstr "homedir_substring (cadena)"
#. type: Content of: <varlistentry><listitem><para>
#: include/homedir_substring.xml:5
@@ -11653,4 +12774,10 @@ msgstr ""
#. type: Content of: <varlistentry><listitem><para>
#: include/homedir_substring.xml:15
msgid "Default: /home"
-msgstr ""
+msgstr "Per defecte: /home"
+
+#~ msgid "Default: ou"
+#~ msgstr "Per defecte: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index b6bb9e7cb..17737349e 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -61,7 +61,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -80,11 +80,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "VOLBY"
@@ -215,113 +215,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -330,29 +345,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -362,19 +377,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -382,12 +397,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -395,58 +410,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -455,7 +470,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -463,69 +478,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -535,7 +550,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -545,20 +560,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -568,7 +583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -577,12 +592,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -593,12 +693,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -607,22 +707,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -632,17 +732,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -650,19 +750,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -672,12 +772,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -685,117 +785,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -803,7 +851,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -813,7 +861,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -822,17 +870,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -840,60 +888,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -901,23 +975,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -925,47 +999,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -973,103 +1047,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1080,72 +1161,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1153,59 +1234,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1213,7 +1294,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1222,17 +1303,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1240,117 +1321,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1361,34 +1508,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1396,68 +1543,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1469,7 +1616,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1480,24 +1627,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1505,12 +1652,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1518,25 +1665,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1545,46 +1704,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1596,14 +1755,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1612,39 +1771,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1653,19 +1812,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1676,151 +1835,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1828,24 +1987,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1854,17 +2013,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1873,33 +2032,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1907,8 +2066,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1917,8 +2076,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1926,19 +2085,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1947,7 +2106,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1955,22 +2114,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1982,7 +2141,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1990,19 +2149,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2010,7 +2169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2018,30 +2177,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2049,19 +2208,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2070,24 +2229,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2095,7 +2267,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2103,35 +2275,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2139,32 +2311,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2175,12 +2347,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2188,7 +2360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2196,31 +2368,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2228,7 +2400,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2237,23 +2409,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2261,7 +2433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2269,24 +2441,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2294,12 +2474,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2309,7 +2489,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2318,29 +2498,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2348,7 +2528,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2356,66 +2536,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2423,70 +2603,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2494,7 +2674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2502,41 +2682,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2546,34 +2770,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2581,12 +2805,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2594,7 +2818,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2602,49 +2826,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2652,73 +2890,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2726,17 +2964,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2745,17 +2983,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2763,17 +3001,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2781,19 +3019,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2823,7 +3061,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2869,7 +3107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2969,8 +3207,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3259,14 +3497,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3661,8 +3899,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3866,19 +4104,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3888,26 +4143,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3915,14 +4171,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3930,7 +4186,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3938,19 +4194,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3958,168 +4208,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4127,7 +4377,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4135,12 +4385,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4148,12 +4398,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4164,12 +4414,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4178,12 +4428,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4192,34 +4442,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4227,14 +4477,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4242,17 +4492,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4262,12 +4512,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4275,17 +4525,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4293,13 +4543,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4308,7 +4558,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4316,26 +4566,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4343,7 +4593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4351,7 +4601,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4359,41 +4609,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4402,32 +4652,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4435,24 +4685,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4460,17 +4710,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4481,29 +4731,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4512,17 +4762,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4530,49 +4780,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4580,27 +4830,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4612,7 +4862,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4620,7 +4870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4628,39 +4878,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4670,7 +4920,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4678,26 +4928,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4705,7 +4955,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4713,31 +4963,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4746,56 +4996,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4811,12 +5061,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4825,14 +5075,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4841,24 +5091,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4866,19 +5116,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4887,7 +5137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4895,7 +5145,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4904,7 +5154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4912,22 +5162,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4937,14 +5187,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4957,12 +5207,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4972,7 +5222,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4982,49 +5232,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5033,74 +5283,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5111,7 +5361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5119,24 +5369,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5151,12 +5401,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5164,208 +5414,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5373,101 +5623,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5476,108 +5726,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5586,32 +5836,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5620,22 +5870,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5644,7 +5894,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5652,7 +5902,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5665,26 +5915,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5700,13 +5950,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5743,11 +5993,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5755,34 +6006,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5790,31 +6041,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5822,36 +6073,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5859,7 +6110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5868,25 +6119,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5894,7 +6176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5906,7 +6188,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6065,7 +6347,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6213,7 +6495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6221,14 +6503,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6243,12 +6525,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6269,12 +6551,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6298,7 +6580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6308,7 +6590,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6325,12 +6607,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6338,12 +6620,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6362,50 +6644,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6515,7 +6797,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6589,26 +6871,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6627,7 +6909,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6925,13 +7207,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6941,15 +7224,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6957,7 +7240,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6970,7 +7253,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6978,53 +7261,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7032,19 +7327,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7055,12 +7350,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7069,7 +7364,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7078,7 +7373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7087,14 +7382,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7103,7 +7398,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7118,29 +7413,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7149,7 +7444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7158,12 +7453,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7173,14 +7468,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7193,23 +7488,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7217,22 +7512,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7240,12 +7535,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7253,14 +7548,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7268,7 +7563,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7280,53 +7575,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7334,7 +7654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7342,7 +7662,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7350,7 +7670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7362,17 +7682,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7380,7 +7705,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7388,7 +7713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7396,7 +7721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7408,22 +7733,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7431,14 +7756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7446,7 +7771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7458,17 +7783,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7476,14 +7801,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7491,7 +7816,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7502,19 +7827,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7522,7 +7847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7534,34 +7859,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7569,12 +7899,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7587,52 +7917,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7643,36 +8011,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7680,7 +8048,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7695,7 +8063,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7704,7 +8072,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7712,7 +8080,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7721,6 +8089,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8179,7 +8555,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8246,17 +8622,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8264,50 +8645,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8315,29 +8728,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8345,39 +8758,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8385,41 +8827,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "VOLBY"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9565,13 +10007,41 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10051,13 +10521,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10065,7 +10535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10075,36 +10545,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10491,7 +10944,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10548,11 +11001,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10560,12 +11014,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10573,36 +11027,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10611,13 +11065,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10626,51 +11101,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/de.po b/src/man/po/de.po
index 9c8c99133..33cf758ae 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-09 02:21-0400\n"
"Last-Translator: Mario Blättermann <mario.blaettermann@gmail.com>\n"
"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -66,7 +66,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -87,11 +87,11 @@ msgstr ""
"Befehlszeile angegebenen Änderungen widerzuspiegeln."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONEN"
@@ -246,63 +246,79 @@ msgstr "debug_level (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Voreinstellung: »true«"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Voreinstellung: »false«"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "In den Abschnitten SERVICE und DOMAIN verwendbare Optionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -311,33 +327,34 @@ msgstr ""
"dient dazu, sicherzustellen, dass ein Prozess läuft und in der Lage ist, "
"Anfragen zu beantworten."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Voreinstellung: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "BESONDERE ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Der Abschnitt [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Abschnittsparameter"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -346,12 +363,12 @@ msgstr ""
"Version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "Dienste"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -359,7 +376,7 @@ msgstr ""
"gestartet werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -372,12 +389,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -387,17 +404,17 @@ msgstr ""
"startet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Voreinstellung: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "Domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -407,12 +424,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -422,7 +439,7 @@ msgstr ""
"werden sollen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -434,12 +451,12 @@ msgstr ""
"unter DOMAIN-ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -451,32 +468,32 @@ msgstr ""
"zusammengestellt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -485,7 +502,7 @@ msgstr ""
"direkt konfiguriert als auch über IPA-Trust"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -494,7 +511,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -504,12 +521,12 @@ msgstr ""
"ABSCHNITTE."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -523,7 +540,7 @@ msgstr ""
"abzufragen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -534,7 +551,7 @@ msgstr ""
"sollte diese Option auf »false« gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -543,7 +560,7 @@ msgstr ""
"»false« auf anderen Plattformen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -552,12 +569,12 @@ msgstr ""
"verfügbar ist, keine Auswirkungen haben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -566,7 +583,7 @@ msgstr ""
"Zwischenspeichers speichern sollte."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -576,7 +593,7 @@ msgstr ""
"Ort für den Replay-Zwischenspeicher ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -585,29 +602,29 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -623,7 +640,7 @@ msgstr ""
"ihrem Benutzernamen ohne auch eine Domain anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -633,20 +650,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Voreinstellung: nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -656,7 +673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -665,12 +682,105 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet "
+"werden."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -687,12 +797,12 @@ msgstr ""
"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "DIENSTABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -705,22 +815,22 @@ msgstr ""
"Abschnitt zum Beispiel <quote>[nss]</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -736,17 +846,17 @@ msgstr ""
"Begrenzung in der »limit.conf« sein."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -758,19 +868,19 @@ msgstr ""
"des Systems blockiert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Voreinstellung: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -785,12 +895,12 @@ msgstr ""
"SIGKILL erzwingen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -798,89 +908,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Voreinstellung: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -888,12 +946,12 @@ msgstr ""
"benutzt werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -902,17 +960,17 @@ msgstr ""
"über alle Nutzer) zwischenspeichern?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Voreinstellung: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -924,7 +982,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -941,7 +999,7 @@ msgstr ""
"Zwischenspeicheraktualisierung zu warten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -954,17 +1012,17 @@ msgstr ""
"Sekunden senken. (0 schaltet diese Funktionalität aus.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Voreinstellung: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -976,22 +1034,56 @@ msgstr ""
"Backend erneut gefragt wird)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Voreinstellung: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"gibt an, für wie viele Sekunden lang »nss_sss« negative "
+"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen "
+"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das "
+"Backend erneut gefragt wird)."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Voreinstellung: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"schließt bestimmte Nutzer von der Abfrage aus der SSS-NSS-Datenbank aus, was "
"insbesondere für Systemkonten nützlich ist. Diese Option kann auch pro "
@@ -999,17 +1091,26 @@ msgstr ""
"von einer bestimmten Domain herauszufiltern."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Voreinstellung: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1017,12 +1118,12 @@ msgstr ""
"setzen Sie diese Option auf »false«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1031,7 +1132,7 @@ msgstr ""
"es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1039,7 +1140,7 @@ msgstr ""
"»override_homedir«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1049,25 +1150,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
"Verzeichnisse)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1078,19 +1179,19 @@ msgstr ""
"entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
"benutzen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1098,12 +1199,12 @@ msgstr ""
"Reihenfolge der Auswertung ist:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1112,7 +1213,7 @@ msgstr ""
"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1121,12 +1222,12 @@ msgstr ""
"steht, wird eine Nicht-Login-Shell benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1134,13 +1235,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1149,28 +1250,28 @@ msgstr ""
"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1178,17 +1279,17 @@ msgstr ""
"auf dem Rechner installiert ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Voreinstellung: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1198,7 +1299,7 @@ msgstr ""
"jede Domain gesetzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1208,12 +1309,12 @@ msgstr ""
"Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1222,31 +1323,49 @@ msgstr ""
"gültig erachtet wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"gibt die Zeit in Sekunden an, in denen Datensätze im speicherinternen "
"Zwischenspeicher als gültig erachtet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Voreinstellung: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
+"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
+"nicht."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1257,24 +1376,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "PAM-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1283,12 +1402,12 @@ msgstr ""
"Authentication Module« (PAM) einzurichten."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1298,17 +1417,17 @@ msgstr ""
"erfolgreichen Anmeldung)?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1317,12 +1436,12 @@ msgstr ""
"Authentifizierungsanbieter offline ist?"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1332,7 +1451,7 @@ msgstr ""
"Anmeldeversuch möglich ist."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1344,17 +1463,17 @@ msgstr ""
"Authentifizierung reaktivieren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Voreinstellung: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1363,43 +1482,43 @@ msgstr ""
"angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Derzeit unterstützt SSSD folgende Werte:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Voreinstellung: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1411,7 +1530,7 @@ msgstr ""
"den neusten Informationen erfolgt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1425,17 +1544,17 @@ msgstr ""
"viele Abfragen der Identitätsanbieter zu vermeiden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1446,7 +1565,7 @@ msgstr ""
"SSSD keine Warnung anzeigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1456,7 +1575,7 @@ msgstr ""
"automatisch angezeigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1464,106 +1583,186 @@ msgstr ""
"Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</"
"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Voreinstellung: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder "
+"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. "
+"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Voreinstellung: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Voreinstellung: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Sudo-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1581,12 +1780,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1596,23 +1795,23 @@ msgstr ""
"nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "AUTOFS-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1623,23 +1822,23 @@ msgstr ""
"nicht existierende), bevor das Backend erneut befragt wird."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "SSH-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1648,12 +1847,12 @@ msgstr ""
"»known_hosts« zusammengemischt werden oder nicht."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1662,38 +1861,38 @@ msgstr ""
"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Voreinstellung: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Voreinstellung: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "PAC-Responder-Konfigurationsoptionen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1712,7 +1911,7 @@ msgstr ""
"ausgewertet wurde, werden einige der folgenden Transaktionen durchgeführt:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1730,7 +1929,7 @@ msgstr ""
"werden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1739,18 +1938,18 @@ msgstr ""
"diesen Gruppen hinzugefügt."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1761,14 +1960,14 @@ msgstr ""
"beim Starten zu UIDs aufgelöst."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
"Responder gestattet.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1780,18 +1979,32 @@ msgstr ""
"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie "
"der Liste der erlaubten UIDs auch die 0 hinzufügen."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (Ganzzahl)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "DOMAIN-ABSCHNITTE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1800,7 +2013,7 @@ msgstr ""
"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1813,7 +2026,7 @@ msgstr ""
"werden jene, die im Bereich liegen, wie erwartet gemeldet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1822,17 +2035,17 @@ msgstr ""
"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1841,22 +2054,22 @@ msgstr ""
"der folgenden Werte haben:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = keine Aufzählungen für diese Domain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Voreinstellung: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1876,7 +2089,7 @@ msgstr ""
"die Mitgliedschaften neu berechnet werden müssen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1886,7 +2099,7 @@ msgstr ""
"Ergebnisse zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1901,7 +2114,7 @@ msgstr ""
"benutzten »id_provider«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1910,32 +2123,32 @@ msgstr ""
"insbesondere in großen Umgebungen, nicht empfohlen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1949,12 +2162,12 @@ msgstr ""
"Domains aktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1963,7 +2176,7 @@ msgstr ""
"soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1981,17 +2194,17 @@ msgstr ""
"wurden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Voreinstellung: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2000,19 +2213,19 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Voreinstellung: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2021,12 +2234,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2035,12 +2248,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2049,12 +2262,12 @@ msgstr ""
"betrachten soll, bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2063,12 +2276,12 @@ msgstr ""
"bevor das Backend erneut abgefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2078,24 +2291,24 @@ msgstr ""
"wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2105,49 +2318,49 @@ msgstr ""
"abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
"setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Voreinstellung: 0 (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
"zwischengespeichert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
"gespeichert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2155,24 +2368,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2185,17 +2398,17 @@ msgstr ""
"Parameters muss größer oder gleich »offline_credentials_expiration« sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Voreinstellung: 0 (unbegrenzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2208,17 +2421,17 @@ msgstr ""
"Authentifizierungsanbieter konfiguriert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2226,17 +2439,17 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2247,8 +2460,8 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2261,8 +2474,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2274,12 +2487,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2289,7 +2502,7 @@ msgstr ""
"Benutzers, der an NSS gemeldet wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2303,7 +2516,7 @@ msgstr ""
"test@LOCAL</command> würde ihn hingegen finden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2315,22 +2528,22 @@ msgstr ""
"nicht voll qualifizierter Name angefragt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2342,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2350,12 +2563,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2364,7 +2577,7 @@ msgstr ""
"Authentifizierungsanbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2375,7 +2588,7 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2387,19 +2600,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "»none« deaktiviert explizit die Authentifizierung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2408,12 +2621,12 @@ msgstr ""
"mit Authentifizierungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2424,7 +2637,7 @@ msgstr ""
"Backends enthalten sind). Interne Spezialanbieter sind:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2433,12 +2646,12 @@ msgstr ""
"für eine lokale Domain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "»deny« verweigert dem Zugriff immer."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2451,17 +2664,44 @@ msgstr ""
"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die "
+"Konfiguration von Kerberos finden Sie unter <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Voreinstellung: »permit«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2470,7 +2710,7 @@ msgstr ""
"Folgende Anbieter von Passwortänderungen werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2482,7 +2722,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2494,19 +2734,19 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "»none« verbietet explizit Passwortänderungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2515,19 +2755,19 @@ msgstr ""
"kann mit Passwortänderungsanfragen umgehen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
"unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2538,7 +2778,7 @@ msgstr ""
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2547,7 +2787,7 @@ msgstr ""
"Vorgabeeinstellungen für IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2556,19 +2796,19 @@ msgstr ""
"Vorgabeeinstellungen für AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "»none« deaktiviert explizit Sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2585,12 +2825,12 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2601,7 +2841,7 @@ msgstr ""
"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2613,12 +2853,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2627,12 +2867,12 @@ msgstr ""
"kann SELinux-Ladeanfragen handhaben."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2642,7 +2882,7 @@ msgstr ""
"werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2654,7 +2894,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2663,17 +2903,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "»none« deaktiviert explizit das Abholen von Subdomains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2681,7 +2921,7 @@ msgstr ""
"»autofs« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2693,7 +2933,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2705,17 +2945,34 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere "
+"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "»none« deaktiviert explizit »autofs«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2724,7 +2981,7 @@ msgstr ""
"wird. Folgende Anbieter von »hostid« werden unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2736,12 +2993,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "»none« deaktiviert explizit »hostid«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2756,7 +3013,7 @@ msgstr ""
"(NetBIOS-) Namen der Domain entsprechen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2768,22 +3025,22 @@ msgstr ""
"P&lt;Name&gt;[^@\\\\]+)$))« "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "Benutzername@Domain.Name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "Domain\\Benutzername"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2793,7 +3050,7 @@ msgstr ""
"Windows-Domains zu ermöglichen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2803,7 +3060,7 @@ msgstr ""
"bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2815,7 +3072,7 @@ msgstr ""
"eindeutig benannte Musterteile unterstützen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2824,17 +3081,17 @@ msgstr ""
"Beschriftungsmusterteile nur die Python-Syntax (?P&lt;Name&gt;)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Voreinstellung: »%1$s@%2$s«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2842,46 +3099,46 @@ msgstr ""
"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "unterstützte Werte:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
"nachzuschlagen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Voreinstellung: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2893,18 +3150,18 @@ msgstr ""
"Offline-Modus arbeiten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Voreinstellung: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2913,52 +3170,52 @@ msgstr ""
"DNS-Dienstabfrage an."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "überschreibt die Haupt-GID mit der angegebenen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2966,7 +3223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2974,46 +3231,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (Boolesch)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
msgstr ""
-"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« "
-"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name "
-"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. "
-"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu "
-"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "flacher (NetBIOS-) Name einer Subdomain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3028,7 +3326,7 @@ msgstr ""
"verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3036,17 +3334,17 @@ msgstr ""
"überschrieben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3054,14 +3352,14 @@ msgstr ""
"Kennzeichnungen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3069,12 +3367,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3082,7 +3380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3094,17 +3392,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "das Proxy-Ziel, an das PAM weiterleitet"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3114,12 +3412,12 @@ msgstr ""
"hinzufügen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3129,8 +3427,27 @@ msgstr ""
"Die in der NSS-Funktionen gesuchten Funktionen haben die Form »_nss_"
"$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (Boolesch)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« "
+"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name "
+"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. "
+"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu "
+"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3139,12 +3456,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "Der Abschnitt lokale Domain"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3155,29 +3472,29 @@ msgstr ""
"<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
"Benutzerbereich erstellt wurde."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Voreinstellung: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3186,17 +3503,17 @@ msgstr ""
"replaceable> und benutzen dies als Home-Verzeichnis."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Voreinstellung: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3205,17 +3522,17 @@ msgstr ""
"werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Voreinstellung: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3224,12 +3541,12 @@ msgstr ""
"entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3240,17 +3557,17 @@ msgstr ""
"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Voreinstellung: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3263,17 +3580,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Voreinstellung: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3284,17 +3601,17 @@ msgstr ""
"wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Voreinstellung: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3306,19 +3623,19 @@ msgstr ""
"berücksichtigt."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "BEISPIEL"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3372,7 +3689,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3436,7 +3753,7 @@ msgstr ""
"unter »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURATIONSOPTIONEN"
@@ -3559,8 +3876,8 @@ msgstr ""
"rfc/rfc2254.txt spezifiziert, sein."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Beispiele:"
@@ -3883,7 +4200,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3892,7 +4209,7 @@ msgstr ""
"übergeordneten Objekt enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Voreinstellung: modifyTimestamp"
@@ -4360,8 +4677,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Voreinstellung: cn"
@@ -4589,11 +4906,32 @@ msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (Zeichenkette)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr "Voreinstellung: groupType im AD-Anbieter, anderenfalls nicht gesetzt"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4605,7 +4943,7 @@ msgstr ""
"das Schema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4622,12 +4960,19 @@ msgstr ""
"erfolgt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
+#| "processed at all. However, when connected to Active-Directory Server 2008 "
+#| "and later it is furthermore required to disable usage of Token-Groups by "
+#| "setting ldap_use_tokengroups to false."
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
"Falls ldap_group_nesting_level auf 0 gesetzt ist, werden überhaupt keine "
"verschachtelten Gruppen verarbeitet. Es ist außerdem notwendig, für den "
@@ -4636,17 +4981,17 @@ msgstr ""
"auf »falsch« gesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Voreinstellung: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4658,7 +5003,7 @@ msgstr ""
"beschleunigen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4668,7 +5013,7 @@ msgstr ""
"Leistungssteigerung."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4679,7 +5024,7 @@ msgstr ""
"»True« eigentlich »auto-detect«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4691,19 +5036,13 @@ msgstr ""
"der <ulink url=\"http://msdn.microsoft.com/en-us/library/windows/desktop/"
"aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Voreinstellung: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4715,7 +5054,7 @@ msgstr ""
"verschachtelten Gruppen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4725,76 +5064,76 @@ msgstr ""
"und neuere Versionen ausgeführt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "die Objektklasse eines Netzgruppeneintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt "
"werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Voreinstellung: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Voreinstellung: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4802,42 +5141,42 @@ msgstr ""
"enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Voreinstellung: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "die Objektklasse eines Diensteintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Voreinstellung: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4845,49 +5184,49 @@ msgstr ""
"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Voreinstellung: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Voreinstellung: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4898,7 +5237,7 @@ msgstr ""
"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4909,12 +5248,12 @@ msgstr ""
"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4926,12 +5265,12 @@ msgstr ""
"(und in den Offline-Modus gegangen wird)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4948,12 +5287,12 @@ msgstr ""
"citerefentry> zurückkehrt, falls keine Aktivität stattfindet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4962,12 +5301,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4981,17 +5320,17 @@ msgstr ""
"Lebensdauer) verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Voreinstellung: 900 (15 Minuten)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5001,17 +5340,17 @@ msgstr ""
"pro Anfrage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Voreinstellung: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5023,7 +5362,7 @@ msgstr ""
"deaktiviert ist oder sich nicht ordnungsgemäß verhält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5033,7 +5372,7 @@ msgstr ""
"aber nicht in der Lage, es zu benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5045,17 +5384,17 @@ msgstr ""
"abgelehnt werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "deaktiviert die Bereichsabfrage von Active Directory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5071,12 +5410,12 @@ msgstr ""
"es so aussehen, als ob große Gruppen keine Mitglieder hätten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5087,19 +5426,19 @@ msgstr ""
"Werte dieser Option werden durch OpenLDAP definiert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
"»ldap.conf« angegeben)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5111,7 +5450,7 @@ msgstr ""
"nachgeschlagen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5119,7 +5458,7 @@ msgstr ""
"den Wert auf 0 setzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5132,7 +5471,7 @@ msgstr ""
"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5143,12 +5482,12 @@ msgstr ""
"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5158,7 +5497,7 @@ msgstr ""
"Werte angegeben werden:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5167,7 +5506,7 @@ msgstr ""
"oder anfordern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5179,7 +5518,7 @@ msgstr ""
"Sitzung fährt normal fort."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5190,7 +5529,7 @@ msgstr ""
"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5201,22 +5540,22 @@ msgstr ""
"sofort beendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Voreinstellung: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5225,7 +5564,7 @@ msgstr ""
"die <command>sssd</command> erkennen wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5234,12 +5573,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5253,33 +5592,33 @@ msgstr ""
"Erstellen der korrekten Namen verwendet werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5287,12 +5626,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5301,12 +5640,12 @@ msgstr ""
"\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5318,19 +5657,19 @@ msgstr ""
"verlassen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
"Directory-ObjectSIDs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5349,17 +5688,17 @@ msgstr ""
"Abbildung von IDs wählen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5368,12 +5707,12 @@ msgstr ""
"GSSAPI getestet und wird unterstützt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5388,17 +5727,17 @@ msgstr ""
"enthalten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5409,17 +5748,17 @@ msgstr ""
"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Voreinstellung: der Wert von »krb5_realm«"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5429,34 +5768,34 @@ msgstr ""
"Bind in eine kanonische Form zu bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Voreinstellung: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5467,28 +5806,28 @@ msgstr ""
"ausgewählte Mechnaismus GSSAPI ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Voreinstellung: 86400 (24 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5507,7 +5846,7 @@ msgstr ""
"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5518,7 +5857,7 @@ msgstr ""
"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5530,29 +5869,29 @@ msgstr ""
"migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5562,12 +5901,12 @@ msgstr ""
"Kerberos >= 1.7 verfügbar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5583,7 +5922,7 @@ msgstr ""
"manvolnum> </citerefentry> einrichten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5594,12 +5933,12 @@ msgstr ""
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5608,7 +5947,7 @@ msgstr ""
"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5617,7 +5956,7 @@ msgstr ""
"kann keine Server-seitigen Passwortregelwerke deaktivieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5628,7 +5967,7 @@ msgstr ""
"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5640,7 +5979,7 @@ msgstr ""
"Passwort geändert wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5650,17 +5989,17 @@ msgstr ""
"festgelegten Regel."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5669,7 +6008,7 @@ msgstr ""
"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5683,28 +6022,28 @@ msgstr ""
"merkliche Leistungsverbesserung bringen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Voreinstellung: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5713,17 +6052,17 @@ msgstr ""
"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5732,12 +6071,12 @@ msgstr ""
"Passwortänderung mit Unix-Zeit geändert wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5767,12 +6106,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Beispiel:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5784,7 +6123,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5793,7 +6132,7 @@ msgstr ""
"beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5805,17 +6144,17 @@ msgstr ""
"Falls ja, wird weiterhin offline Zugriff gegeben und umgekehrt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Voreinstellung: leer"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5824,7 +6163,7 @@ msgstr ""
"Zugriffssteuerungsattribute aktiviert werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5835,12 +6174,12 @@ msgstr ""
"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Die folgenden Werte sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5849,7 +6188,7 @@ msgstr ""
"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5862,7 +6201,7 @@ msgstr ""
"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5873,7 +6212,7 @@ msgstr ""
"Zugriff erlaubt wird oder nicht."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5886,7 +6225,7 @@ msgstr ""
"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5897,24 +6236,24 @@ msgstr ""
"»ldap_account_expire_policy« funktioniert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
"sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5924,14 +6263,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5944,12 +6283,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5959,7 +6298,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5969,20 +6308,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5991,19 +6330,19 @@ msgstr ""
"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
"ob Zugriff gewährt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Voreinstellung: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6012,12 +6351,12 @@ msgstr ""
"mehr als einmal benutzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6026,22 +6365,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6050,12 +6389,12 @@ msgstr ""
"folgenden Optionen sind erlaubt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6065,7 +6404,7 @@ msgstr ""
"Suche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6074,7 +6413,7 @@ msgstr ""
"der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6083,7 +6422,7 @@ msgstr ""
"Orten des Basisobjekts der Suche dereferenziert."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6092,12 +6431,12 @@ msgstr ""
"<emphasis>never</emphasis> gehandhabt.)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6106,7 +6445,7 @@ msgstr ""
"beizubehalten, die das Schema RFC2307 benutzen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6124,7 +6463,7 @@ msgstr ""
"getpw*() oder initgroups() abzurufen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6135,26 +6474,26 @@ msgstr ""
"die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6174,12 +6513,12 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "SUDO-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6190,52 +6529,52 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Voreinstellung: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Voreinstellung: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6244,17 +6583,17 @@ msgstr ""
"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Voreinstellung: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6263,32 +6602,32 @@ msgstr ""
"oder der Netzwerkgruppe des Benutzers) entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Voreinstellung: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Voreinstellung: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6297,17 +6636,17 @@ msgstr ""
"ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Voreinstellung: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6316,17 +6655,17 @@ msgstr ""
"worunter Befehle ausgeführt werden können"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Voreinstellung: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6335,17 +6674,17 @@ msgstr ""
"Sudo-Regel gültig wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Voreinstellung: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6354,32 +6693,32 @@ msgstr ""
"der die Sudo-Regel nicht länger gültig ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Voreinstellung: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Voreinstellung: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6389,7 +6728,7 @@ msgstr ""
"heruntergeladen werden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6398,17 +6737,17 @@ msgstr ""
"emphasis> sein."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Voreinstellung: 21600 (6 Stunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6419,7 +6758,7 @@ msgstr ""
"höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6428,12 +6767,12 @@ msgstr ""
"das Attribut »modifyTimestamp« benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6443,12 +6782,12 @@ msgstr ""
"Netzwerkadressen und Rechnernamen)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6457,7 +6796,7 @@ msgstr ""
"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6466,8 +6805,8 @@ msgstr ""
"voll qualifizierten Domain-Namen automatisch herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6476,17 +6815,17 @@ msgstr ""
"emphasis> ist, hat diese Option keine Auswirkungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Voreinstellung: nicht angegeben"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6495,7 +6834,7 @@ msgstr ""
"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6504,12 +6843,12 @@ msgstr ""
"herauszufinden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6518,12 +6857,12 @@ msgstr ""
"eine Netzgruppe im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6532,7 +6871,7 @@ msgstr ""
"einen Platzhalter im Attribut »sudoHost« enthält."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6545,71 +6884,71 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Der Name der Automount-Master-Abbildung in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Voreinstellung: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Voreinstellung: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "der Name eines Automount-Abbildungseintrags in LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6622,19 +6961,19 @@ msgstr ""
"Eintrag einem Einhängepunkt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Voreinstellung: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6643,24 +6982,24 @@ msgstr ""
"Eintrag einem Einhängepunkt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Voreinstellung: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6673,32 +7012,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "ERWEITERTE OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6707,22 +7046,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6731,7 +7070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6742,7 +7081,7 @@ msgstr ""
"gesetzt ist."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6755,26 +7094,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6790,13 +7129,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ANMERKUNGEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6837,11 +7176,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6853,22 +7193,22 @@ msgstr ""
"Fertigkeit LOG_AUTHPRIV protokolliert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6878,12 +7218,12 @@ msgstr ""
"es nutzen können."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6895,12 +7235,12 @@ msgstr ""
"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6910,12 +7250,12 @@ msgstr ""
"bereitgestellt wird."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6924,7 +7264,7 @@ msgstr ""
"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6936,12 +7276,12 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
@@ -6951,12 +7291,12 @@ msgstr ""
"Framework dieses Modul ignoriert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
@@ -6966,12 +7306,12 @@ msgstr ""
"Framework dieses Modul ignoriert."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6979,7 +7319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6988,13 +7328,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "BEREITGESTELLTE MODULTYPEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -7004,12 +7377,12 @@ msgstr ""
"bereitgestellt."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "DATEIEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7021,7 +7394,7 @@ msgstr ""
"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7041,7 +7414,7 @@ msgstr ""
"Leserechte haben dürfen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7253,7 +7626,7 @@ msgstr ""
"Lokale Gruppen werden nicht ausgewertet."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7458,18 +7831,25 @@ msgstr ""
"zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"optional. Diese Option teilt SSSD mit, dass es den in FreeIPA v2 eingebauten "
"DNS-Server mit der IP-Adresse dieses Clients aktualisieren soll. Die "
@@ -7478,7 +7858,7 @@ msgstr ""
"»dyndns_iface« keine andere angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7500,12 +7880,12 @@ msgstr ""
"Konfigurationsdatei migrieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7534,12 +7914,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Voreinstellung: 1200 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7576,7 +7956,7 @@ msgid ""
msgstr "Voreinstellung: verwendet die IP-Adresse der IPA-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7586,7 +7966,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
@@ -7611,12 +7991,12 @@ msgstr ""
"gefundenen als Sicherungsserver."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (Ganzzahl)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7627,12 +8007,12 @@ msgstr ""
"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7657,12 +8037,12 @@ msgid "Default: False (disabled)"
msgstr "Voreinstellung: False (deaktiviert)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7671,40 +8051,40 @@ msgstr ""
"DNS-Server verwenden soll"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -7829,7 +8209,7 @@ msgstr ""
"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7925,26 +8305,26 @@ msgstr ""
"Verwendung dieser Option ein Konfigurationsfehler."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7966,7 +8346,7 @@ msgstr ""
"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Voreinstellung: 5 (Sekunden)"
@@ -8296,17 +8676,23 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
+#, fuzzy
+#| msgid ""
+#| "The AD provider is able to provide identity information and "
+#| "authentication for entities from trusted domains as well. Currently only "
+#| "trusted domains in the same forest are recognized."
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
"Der AD-Anbieter stellt Identitätsinformationen bereit und ermöglicht die "
"Authentifizierung für Einträge in vertrauenswürdigen Domains. Derzeit werden "
"nur vertrauenswürdige Domains im gleichen Wald unterstützt."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8321,11 +8707,16 @@ msgstr ""
"citerefentry> benutzt werden, mit einigen unten beschriebenen Ausnahmen."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access, chpass and sudo provider. "
+#| "No configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
"Allerdings ist es weder notwendig noch empfehlenswert, diese Optionen zu "
"setzen. Der AD-Anbieter kann auch als Anbieter für »access«, »chpass« und "
@@ -8333,7 +8724,7 @@ msgstr ""
"Zugriffs-Anbieters erforderlich."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8343,7 +8734,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8365,7 +8756,7 @@ msgstr ""
"Globalen Katalog repliziert werden."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8376,12 +8767,12 @@ msgstr ""
"Implementation in Active Directory zu gewährleisten."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8390,7 +8781,7 @@ msgstr ""
"nicht angegeben, wird der Name der konfigurierten Domain benutzt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8400,7 +8791,7 @@ msgstr ""
"angegeben werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8409,18 +8800,23 @@ msgstr ""
"SSSD automatisch ermittelt."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"Die durch Kommata getrennte Liste von Rechnernamen der AD-Server in der "
"Reihenfolge, in der sich SSSD mit ihnen verbinden soll. Weitere "
@@ -8428,13 +8824,27 @@ msgstr ""
"»AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, ist dies "
"optional. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8445,7 +8855,7 @@ msgstr ""
"werden, um sie zu identifizieren."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8455,12 +8865,12 @@ msgstr ""
"ausgegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8478,12 +8888,12 @@ msgstr ""
"Aufdeckung verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8496,7 +8906,7 @@ msgstr ""
"quote> gesetzt werden muss, damit sie wirksam ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8509,7 +8919,7 @@ msgstr ""
"<quote>FOREST</quote> sein oder auch weggelassen werden."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8523,7 +8933,7 @@ msgstr ""
"<quote>NAME</quote> angegeben ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
@@ -8532,7 +8942,7 @@ msgstr ""
"so wie es auch in Suchmaschinen üblich ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8546,7 +8956,7 @@ msgstr ""
"der erste verwendet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8570,29 +8980,29 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Voreinstellung: Nicht gesetzt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8606,7 +9016,7 @@ msgstr ""
"dem LDAP-Port des aktuellen Servers."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8621,12 +9031,12 @@ msgstr ""
"können."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (Zeichenkette)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8640,7 +9050,7 @@ msgstr ""
"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8650,7 +9060,7 @@ msgstr ""
"anmelden darf."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8673,12 +9083,12 @@ msgstr ""
"»enforcing« gesetzt wird."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "Für diese Option werden drei Werte unterstützt:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8686,14 +9096,14 @@ msgstr ""
"deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als "
"auch deren Anwendung erzwungen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8705,22 +9115,22 @@ msgstr ""
"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Voreinstellung: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8728,12 +9138,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8741,14 +9151,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8756,7 +9166,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8768,53 +9178,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8822,7 +9257,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8830,7 +9265,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8838,7 +9273,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8850,17 +9285,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8868,7 +9308,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8876,7 +9316,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8884,7 +9324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8896,22 +9336,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8919,14 +9359,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8934,7 +9374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8946,17 +9386,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8964,14 +9404,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8979,7 +9419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8990,19 +9430,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9010,7 +9450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9022,34 +9462,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -9057,12 +9502,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9075,52 +9520,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Voreinstellung: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Voreinstellung: 86400 (24 Stunden)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9138,12 +9625,12 @@ msgstr ""
"»dyndns_iface« angegeben wurde."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Voreinstellung: 3600 (Sekunden)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9152,17 +9639,17 @@ msgid ""
msgstr "Voreinstellung: verwendet die IP-Adresse der AD-LDAP-Verbindung"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Voreinstellung: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (Boolesch)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9172,7 +9659,7 @@ msgstr ""
"Abschnitt 5 von RFC 6806."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9184,7 +9671,7 @@ msgstr ""
"Optionen von AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9208,7 +9695,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9220,7 +9707,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9231,7 +9718,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9240,6 +9727,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9834,7 +10329,7 @@ msgstr ""
"gelesen."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9908,17 +10403,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9926,52 +10426,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9979,29 +10517,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -10009,43 +10547,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "gibt die Eigenschaften einer Gruppe aus."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10053,43 +10624,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "SUDO-OPTIONEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -11482,6 +12053,47 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr ""
+"annulliert alle zwischengespeicherten Einträge mit Ausnahme von Sudo-Regeln."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren "
+"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11490,7 +12102,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "begrenzt den Annullierungsprozess auf eine bestimmte Domain."
@@ -12054,13 +12666,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> kann so konfiguriert werden, dass es "
@@ -12071,7 +12692,7 @@ msgstr ""
"citerefentry> kompiliert wurde."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -12079,7 +12700,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -12089,31 +12710,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Falls »PubkeyAgent« unterstützt wird, kann "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> durch Setzen der folgenden Richtlinie in <citerefentry> "
-"<refentrytitle>sshd_config</refentrytitle> <manvolnum>5</manvolnum></"
-"citerefentry> zu seiner Verwendung konfiguriert werden: <placeholder type="
-"\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -12121,12 +12719,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "EXIT-STATUS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12651,7 +13249,7 @@ msgstr ""
"kleiner oder gleich »ldap_idmap_range_min« sein sollte."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Voreinstellung: 200000"
@@ -12719,17 +13317,23 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:179
+#, fuzzy
+#| msgid ""
+#| "For example, if your most recently-added Active Directory user has "
+#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
"Wenn beispielsweise der zuletzt hinzugefügte Active-Directory-Benutzer "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107 hat, muss "
"<quote>ldap_idmap_range_size</quote> mindestens 1107 sein."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12740,12 +13344,12 @@ msgstr ""
"können Benutzer andere lokale IDs als vorher haben."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12756,22 +13360,22 @@ msgstr ""
"der oben beschriebene Murmurhash-Algorithmus umgangen."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (Zeichenkette)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "gibt den Namen der Standard-Domain an."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (Boolesch)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12780,7 +13384,7 @@ msgstr ""
"Algorithmus »idmap_autorid« von Winbind ähnlicher ist."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12789,7 +13393,7 @@ msgstr ""
"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12804,13 +13408,36 @@ msgstr ""
"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass "
"mindestens eine Domain beständig für den Slice null reserviert ist."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (Ganzzahl)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "Bekannte Sicherheits-IDs"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12824,7 +13451,7 @@ msgstr ""
"Objekte keine POSIX-IDs verfügbar."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
@@ -12833,37 +13460,37 @@ msgstr ""
"Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs sind"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Null-Autorität (Null Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "Weltweit anerkannte Autorität (World Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Lokale Autorität (Local Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Ersteller-Autorität (Creator Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "NT-Autorität (NT Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Eingebaut"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
@@ -12873,7 +13500,7 @@ msgstr ""
"Sicherheits-ID zurückgegeben wird."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13358,3 +13985,21 @@ msgstr "Voreinstellung: /home"
#~ msgid "Default: ou"
#~ msgstr "Voreinstellung: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Falls »PubkeyAgent« unterstützt wird, kann "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> durch Setzen der folgenden Richtlinie in "
+#~ "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#~ "manvolnum></citerefentry> zu seiner Verwendung konfiguriert werden: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/es.po b/src/man/po/es.po
index ade40282a..6d8351dbd 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
@@ -25,7 +25,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -71,7 +71,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -92,11 +92,11 @@ msgstr ""
"indicados en la línea de comandos."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPCIONES"
@@ -251,63 +251,79 @@ msgstr "debug_level (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Predeterminado: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Predeterminado: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -315,33 +331,34 @@ msgstr ""
"Tiempo de espera en segundos entre latidos para este servicio. Esto se usa "
"para asegurar que el proceso está vivo y capaz de responder peticiones."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Predeterminado: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECCIONES ESPECIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Parámetros de sección"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -350,12 +367,12 @@ msgstr ""
"posteriores utilizan una versión 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "servicios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -363,7 +380,7 @@ msgstr ""
"enciende sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -372,12 +389,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -386,17 +403,17 @@ msgstr ""
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "dominios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -406,12 +423,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -420,7 +437,7 @@ msgstr ""
"contiene el nombre de usuario y el dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -431,12 +448,12 @@ msgstr ""
"DOMAIN SECTIONS para más información sobre estas expresiones regulares."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -444,46 +461,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -492,12 +509,12 @@ msgstr ""
"SECCIONES DOMINIO para más información sobre esta opción."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -510,7 +527,7 @@ msgstr ""
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -521,7 +538,7 @@ msgstr ""
"'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -530,7 +547,7 @@ msgstr ""
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -540,12 +557,12 @@ msgstr ""
"utilizada siempre."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -554,7 +571,7 @@ msgstr ""
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -564,7 +581,7 @@ msgstr ""
"de respuesta."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -573,29 +590,29 @@ msgstr ""
"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -611,7 +628,7 @@ msgstr ""
"usuario sin dar también un nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -621,20 +638,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -644,7 +661,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -653,12 +670,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -675,12 +783,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -693,22 +801,22 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -723,17 +831,17 @@ msgstr ""
"valor más bajo de este o de limite “hard” en limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -745,19 +853,19 @@ msgstr ""
"sistema."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Predeterminado: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -772,12 +880,12 @@ msgstr ""
"una señal SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -785,89 +893,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Predeterminado: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -875,12 +931,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -889,17 +945,17 @@ msgstr ""
"sobre todos los usuarios)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -910,7 +966,7 @@ msgstr ""
"valor de entry_cache_timeout para el dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -926,7 +982,7 @@ msgstr ""
"actualización del cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -939,17 +995,17 @@ msgstr ""
"segundos. (0 deshabilita esta función)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -960,22 +1016,55 @@ msgstr ""
"entradas no existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache "
+"(esto es, consultas para entradas no válidas a la base de datos, como "
+"entradas no existentes) antes de preguntar al punto final otra vez."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Predeterminado: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Excluye ciertos usuarios de ser exagerados por la base de datos sss NSS. "
"Esto es particularmente útil para cuentas de sistema. Esta opción puede ser "
@@ -983,17 +1072,26 @@ msgstr ""
"filtrar sólo usuario de un dominio concreto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1001,12 +1099,12 @@ msgstr ""
"opción a false."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1015,7 +1113,7 @@ msgstr ""
"especificado una explícitamente por el proveedor de datos del dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1023,7 +1121,7 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1033,24 +1131,24 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1058,17 +1156,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1076,12 +1174,12 @@ msgstr ""
"evaluación es:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1090,7 +1188,7 @@ msgstr ""
"shells</quote>, usa el valor del parámetro shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1099,12 +1197,12 @@ msgstr ""
"shells</quote>, se usará un shell de no acceso."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1112,12 +1210,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "Una cadena vacía para el shell se pasa como-es a libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1127,27 +1225,27 @@ msgstr ""
"una nueva shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1155,24 +1253,24 @@ msgstr ""
"máquina."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Predeterminado: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1182,12 +1280,12 @@ msgstr ""
"normalmente /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1196,31 +1294,42 @@ msgstr ""
"considerada válida."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Especifica el tiempo en segundos durante el cual los archivos en el "
"escondrijo en memoria serán válidos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Predeterminado: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1231,24 +1340,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1257,12 +1366,12 @@ msgstr ""
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1271,17 +1380,17 @@ msgstr ""
"los accesos escondidos (en días desde el último login en línea con éxito)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1290,12 +1399,12 @@ msgstr ""
"login fallados están permitidos."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1305,7 +1414,7 @@ msgstr ""
"intento de login sea posible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1316,17 +1425,17 @@ msgstr ""
"éxito puede habilitar otra vez la autenticación fuera de línea."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1335,44 +1444,44 @@ msgstr ""
"autenticación. Cuanto mayor sea el número de mensajes más aparecen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
"depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1384,7 +1493,7 @@ msgstr ""
"información más actual."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1398,17 +1507,17 @@ msgstr ""
"proveedor de identidad."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1419,7 +1528,7 @@ msgstr ""
"información desaparece, sssd no podrá mostrar un aviso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1429,7 +1538,7 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1437,106 +1546,185 @@ msgstr ""
"Este ajuste puede ser anulado por el ajuste "
"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Predeterminado: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Especifica la lista separada por comas de los valores UID o nombres de "
+"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Predeterminado: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerar (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Por defecto: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "SUDO opciones de configuración"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1547,12 +1735,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1561,22 +1749,22 @@ msgstr ""
"entradas de sudoers dependientes del tiempo."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Opciones de configuración AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1587,22 +1775,22 @@ msgstr ""
"existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Opciones de configuración SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1611,12 +1799,12 @@ msgstr ""
"known_host. "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1625,38 +1813,38 @@ msgstr ""
"después de que se hayan pedido sus claves de host."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Por defecto: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Predeterminado: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Opciones de configuración del respondedor PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1675,7 +1863,7 @@ msgstr ""
"siguientes operaciones:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1686,24 +1874,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1713,14 +1901,14 @@ msgstr ""
"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
"respondedor PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1732,18 +1920,32 @@ msgstr ""
"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la "
"lista de UIDs permitidas también."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1752,7 +1954,7 @@ msgstr ""
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1765,24 +1967,24 @@ msgstr ""
"reportados como en espera."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerar (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1791,22 +1993,22 @@ msgstr ""
"de los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Usuarios y grupos son enumerados"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Sin enumeraciones para este dominio"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1826,7 +2028,7 @@ msgstr ""
"las afiliaciones deben ser recalculadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1836,7 +2038,7 @@ msgstr ""
"completen."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1850,7 +2052,7 @@ msgstr ""
"específico id_provider en uso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1859,32 +2061,32 @@ msgstr ""
"especialmente en entornos grandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1893,12 +2095,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1907,7 +2109,7 @@ msgstr ""
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1918,17 +2120,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1937,19 +2139,19 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Por defecto: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1958,12 +2160,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1972,12 +2174,12 @@ msgstr ""
"válidas antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1986,12 +2188,12 @@ msgstr ""
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2000,12 +2202,12 @@ msgstr ""
"preguntar al backend otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2014,71 +2216,71 @@ msgstr ""
"automontaje válidos antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Determina si las credenciales del usuario están también escondidas en el "
"cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
"plano"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2086,24 +2288,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2116,17 +2318,17 @@ msgstr ""
"grande o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2139,17 +2341,17 @@ msgstr ""
"configurar un proveedor de autorización para el backend."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2157,17 +2359,17 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2178,8 +2380,8 @@ msgstr ""
"información sobre la configuración de LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2192,8 +2394,8 @@ msgstr ""
"configuración de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2205,12 +2407,12 @@ msgstr ""
"Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2220,7 +2422,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2234,7 +2436,7 @@ msgstr ""
"command> lo haría."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2242,22 +2444,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "No devuelve miembros de grupo para búsquedas de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2269,7 +2471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2277,12 +2479,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2291,7 +2493,7 @@ msgstr ""
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2302,7 +2504,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2313,7 +2515,7 @@ msgstr ""
"citerefentry> para más información sobre la configuración de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -2321,12 +2523,12 @@ msgstr ""
"objetivo PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2335,12 +2537,12 @@ msgstr ""
"manejar las peticiones de autenticación."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2351,7 +2553,7 @@ msgstr ""
"proveedores especiales internos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2360,12 +2562,12 @@ msgstr ""
"sólo permitido para un dominio local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2378,17 +2580,44 @@ msgstr ""
"configuración del módulo de acceso sencillo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> para más información sobre la configuración de Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> para la reinstalación de cambios de password en algunos "
+"otros objetivos PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2397,7 +2626,7 @@ msgstr ""
"el dominio. Los proveedores de cambio de passweord soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2409,7 +2638,7 @@ msgstr ""
"configurar LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2420,7 +2649,7 @@ msgstr ""
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2428,13 +2657,13 @@ msgstr ""
"otros objetivos PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2443,18 +2672,18 @@ msgstr ""
"puede manejar las peticiones de cambio de password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2465,33 +2694,33 @@ msgstr ""
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2502,12 +2731,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2518,7 +2747,7 @@ msgstr ""
"finalice. Los proveedores selinux soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2530,14 +2759,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
"explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2546,12 +2775,12 @@ msgstr ""
"manejar las peticiones de carga selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2561,7 +2790,7 @@ msgstr ""
"soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2573,7 +2802,7 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2582,18 +2811,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2601,7 +2830,7 @@ msgstr ""
"son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2613,7 +2842,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2625,17 +2854,34 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> para más información sobre la configuración de "
+"IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> deshabilita autofs explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2644,7 +2890,7 @@ msgstr ""
"proveedores de hostid soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2656,12 +2902,12 @@ msgstr ""
"configuración de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> deshabilita hostid explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2671,7 +2917,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2684,22 +2930,22 @@ msgstr ""
"nombres de usuario:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "nombre de usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "dominio/nombre_de_usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2709,7 +2955,7 @@ msgstr ""
"dominios Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2720,7 +2966,7 @@ msgstr ""
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2732,7 +2978,7 @@ msgstr ""
"subplantillas sin nombre único."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2741,17 +2987,17 @@ msgstr ""
"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2760,42 +3006,42 @@ msgstr ""
"a usar cuando se lleven a cabo búsquedas DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2806,18 +3052,18 @@ msgstr ""
"espera, el dominio continuará operativo en modo fuera de línea."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2826,53 +3072,53 @@ msgstr ""
"de dominio de la pregunta al descubridor de servicio DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Anula el valor primario GID con el especificado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2880,7 +3126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2888,46 +3134,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (booleano)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
-"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una "
-"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en "
-"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true "
-"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por "
-"razones de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Esta opción no está disponible en el proveedor IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2937,7 +3224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -2945,30 +3232,30 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Por defecto: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2976,12 +3263,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2989,7 +3276,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3001,17 +3288,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "El proxy de destino PAM próximo a."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3020,12 +3307,12 @@ msgstr ""
"pam existente o crear una nueva y añadir el nombre de servicio aquí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3035,8 +3322,27 @@ msgstr ""
"NSS buscadas dentro de la librería están el formato de _nss_$(libName)_"
"$(function), por ejemplo _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (booleano)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una "
+"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en "
+"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true "
+"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por "
+"razones de rendimiento."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3045,12 +3351,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3061,29 +3367,29 @@ msgstr ""
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Predeterminado: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3093,17 +3399,17 @@ msgstr ""
"de inicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3112,17 +3418,17 @@ msgstr ""
"Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3131,12 +3437,12 @@ msgstr ""
"borrados. Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3147,17 +3453,17 @@ msgstr ""
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3170,17 +3476,17 @@ msgstr ""
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Predeterminado: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3191,17 +3497,17 @@ msgstr ""
"Si no se especifica, se utiliza un valor por defecto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Predeterminado: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3212,19 +3518,19 @@ msgstr ""
"único parámetro. El código de retorno del comando no es tenido en cuenta."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EJEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3278,7 +3584,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3340,7 +3646,7 @@ msgstr ""
"información sobre la utilización de LDAP como proveedor de acceso."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONES DE CONFIGURACIÓN"
@@ -3460,8 +3766,8 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Ejemplos:"
@@ -3784,7 +4090,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3793,7 +4099,7 @@ msgstr ""
"objeto primario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
@@ -4243,8 +4549,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Predeterminado: cn"
@@ -4460,11 +4766,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4476,7 +4801,7 @@ msgstr ""
"esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4486,26 +4811,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4516,7 +4842,7 @@ msgstr ""
"despliegues con grupos complejos o profundamente anidados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4526,7 +4852,7 @@ msgstr ""
"muy complejos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4537,7 +4863,7 @@ msgstr ""
"esencialmente “auto-detect”."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4549,19 +4875,13 @@ msgstr ""
"library/windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) "
"documentation</ulink> para más detalles."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Por defecto: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4572,80 +4892,80 @@ msgstr ""
"notable cuando se trata con grupos complejos o profundamente anidados)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"El atributo LDAP que contiene los nombres de los miembros de grupo de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4653,42 +4973,42 @@ msgstr ""
"de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "La clase objeto de una entrada de servicio en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Por defecto: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4696,49 +5016,49 @@ msgstr ""
"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Por defecto: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
"El atributo LDAP que contiene los protocolos entendidos por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Por defecto: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4749,7 +5069,7 @@ msgstr ""
"escondidos devueltos (y se entra en modo fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4760,12 +5080,12 @@ msgstr ""
"espera para tipos específicos de búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4777,12 +5097,12 @@ msgstr ""
"fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4799,12 +5119,12 @@ msgstr ""
"citerefentry> vuelve en caso de no actividad."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4813,12 +5133,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4831,17 +5151,17 @@ msgstr ""
"temprano (este valor contra el tiempo de vida TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4850,17 +5170,17 @@ msgstr ""
"Algunos servidores LDAP hacen cumplir un límite máximo por petición."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4871,7 +5191,7 @@ msgstr ""
"RootDSE pero no está habilitado o no se comporta apropiadamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4881,7 +5201,7 @@ msgstr ""
"pero es incapaz de usarlo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4892,17 +5212,17 @@ msgstr ""
"puede ocasionar que algunas peticiones sean denegadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4912,12 +5232,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4928,19 +5248,19 @@ msgstr ""
"de esta opción son definidos por OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4951,7 +5271,7 @@ msgstr ""
"deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -4959,7 +5279,7 @@ msgstr ""
"a 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4972,7 +5292,7 @@ msgstr ""
"soportados son 389/RHDS, OpenLDAP y Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4983,12 +5303,12 @@ msgstr ""
"será deshabilitado sin tener en cuenta este ajuste."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4998,7 +5318,7 @@ msgstr ""
"los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5007,7 +5327,7 @@ msgstr ""
"certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5018,7 +5338,7 @@ msgstr ""
"certificado malo, será ignorado y la sesión continua normalmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5029,7 +5349,7 @@ msgstr ""
"certificado malo, la sesión se termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5040,22 +5360,22 @@ msgstr ""
"termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5064,7 +5384,7 @@ msgstr ""
"de Certificación que <command>sssd</command> reconocerá."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5073,12 +5393,12 @@ msgstr ""
"etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5092,33 +5412,33 @@ msgstr ""
"para crear los nombres correctos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
"Especifica el fichero que contiene el certificado para la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5126,12 +5446,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5140,12 +5460,12 @@ msgstr ""
"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5156,18 +5476,18 @@ msgstr ""
"ldap_user_uid_number y ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5178,17 +5498,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5197,12 +5517,12 @@ msgstr ""
"probado y soportado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5215,17 +5535,17 @@ msgstr ""
"myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Por defecto: host/nombre_de_host@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5236,17 +5556,17 @@ msgstr ""
"reino también, esta opción se ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Por defecto: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5255,34 +5575,34 @@ msgstr ""
"para para canocalizar el nombre de host durante una unión SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Especifica la keytab a usar cuando se utilice SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5293,27 +5613,27 @@ msgstr ""
"es GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5332,7 +5652,7 @@ msgstr ""
"información, vea la sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5343,7 +5663,7 @@ msgstr ""
"regresa a _tcp si no se encuentra nada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5355,29 +5675,29 @@ msgstr ""
"configuración para usar <quote>krb5_server</quote> en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Especifica el REALM Kerberos (para autorización SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5386,12 +5706,12 @@ msgstr ""
"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5401,7 +5721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5409,12 +5729,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5423,7 +5743,7 @@ msgstr ""
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5432,7 +5752,7 @@ msgstr ""
"no puede deshabilitar las políticas de password en el lado servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5443,7 +5763,7 @@ msgstr ""
"manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5455,26 +5775,26 @@ msgstr ""
"password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Especifica si el seguimiento de referencias automático debería ser "
"habilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5483,7 +5803,7 @@ msgstr ""
"está compilado con OpenLDAP versión 2.4.13 o más alta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5496,29 +5816,29 @@ msgstr ""
"esta opción a false le llevará a una notable mejora de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5528,17 +5848,17 @@ msgstr ""
"descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5547,12 +5867,12 @@ msgstr ""
"desde el Epoch después de una operación de cambio de contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5568,12 +5888,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Ejemplo:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5582,14 +5902,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5602,17 +5922,17 @@ msgstr ""
"obteniendo acceso mientras esté fuera de línea y viceversa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5621,7 +5941,7 @@ msgstr ""
"control de acceso del lado cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5632,12 +5952,12 @@ msgstr ""
"una código de error definible aunque el password sea correcto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5646,7 +5966,7 @@ msgstr ""
"determinar si la cuenta ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5659,7 +5979,7 @@ msgstr ""
"se comprueba el tiempo de expiración de la cuenta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5670,7 +5990,7 @@ msgstr ""
"el acceso o no."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5683,7 +6003,7 @@ msgstr ""
"permitido. Si ambos atributos están desaparecidos se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5691,24 +6011,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Lista separada por coma de opciones de control de acceso. Los valores "
"permitidos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5718,14 +6038,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5738,12 +6058,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5753,7 +6073,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5763,20 +6083,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5785,18 +6105,18 @@ msgstr ""
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -5805,12 +6125,12 @@ msgstr ""
"una vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5819,22 +6139,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5843,13 +6163,13 @@ msgstr ""
"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5859,7 +6179,7 @@ msgstr ""
"búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5868,7 +6188,7 @@ msgstr ""
"cuando se localice el objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5877,7 +6197,7 @@ msgstr ""
"para la búsqueda como en la localización del objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5886,12 +6206,12 @@ msgstr ""
"librerías cliente LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -5900,7 +6220,7 @@ msgstr ""
"servidores que usan el esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5918,7 +6238,7 @@ msgstr ""
"llamadas getpw*() o initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5929,26 +6249,26 @@ msgstr ""
"initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5968,12 +6288,12 @@ msgstr ""
"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "OPCIONES SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5981,52 +6301,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "El objeto clase de una regla de entrada sudo en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Por defecto: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "El atributo LDAP que corresponde a la regla nombre de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "El atributo LDAP que corresponde al nombre de comando."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Por defecto: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6035,17 +6355,17 @@ msgstr ""
"red IP del host o grupo de red del host)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Por defecto: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6054,32 +6374,32 @@ msgstr ""
"grupo o grupo de red del usuario)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Por defecto: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "El atributo LDAP que corresponde a las opciones sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Por defecto: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6088,17 +6408,17 @@ msgstr ""
"pueden ejecutar como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Por defectot: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6107,17 +6427,17 @@ msgstr ""
"ejecutar comandos como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Por defecto: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6126,17 +6446,17 @@ msgstr ""
"regla sudo es válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Por defecto: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6145,32 +6465,32 @@ msgstr ""
"la regla sudo dejará de ser válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Por defecto: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Por defecto: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6180,7 +6500,7 @@ msgstr ""
"servidor)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6189,17 +6509,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Por defecto: 21600 (6 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6210,7 +6530,7 @@ msgstr ""
"USBN más alto que el USN más alto de las reglas escondidas)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6219,12 +6539,12 @@ msgstr ""
"atributo modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6233,12 +6553,12 @@ msgstr ""
"máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6247,7 +6567,7 @@ msgstr ""
"totalmente cualificados que sería usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6256,8 +6576,8 @@ msgstr ""
"nombre de dominio totalmente cualificado automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6266,17 +6586,17 @@ msgstr ""
"emphasis> esta opción no tiene efecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Por defecto: no especificado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6285,7 +6605,7 @@ msgstr ""
"usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6294,12 +6614,12 @@ msgstr ""
"automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "sudo_include_netgroups (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6308,12 +6628,12 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6322,7 +6642,7 @@ msgstr ""
"atributo sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6335,71 +6655,71 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "OPCIONES AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Por defecto: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6412,19 +6732,19 @@ msgstr ""
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Por defecto: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6433,24 +6753,24 @@ msgstr ""
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Por defecto: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6459,32 +6779,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6493,22 +6813,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6517,7 +6837,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6528,7 +6848,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6541,26 +6861,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6576,13 +6896,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6623,11 +6943,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6638,22 +6959,22 @@ msgstr ""
"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Suprime el registro de mensajes de usuarios desconocidos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6662,12 +6983,12 @@ msgstr ""
"en la pila para que lo usen otros módulos PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6678,12 +6999,12 @@ msgstr ""
"disponible o el password no es apropiado, se denegará el acceso al usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6692,12 +7013,12 @@ msgstr ""
"suministrado por un módulo de password previamente apilado."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6706,7 +7027,7 @@ msgstr ""
"autenticación falla. Por defecto es 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6717,36 +7038,36 @@ msgstr ""
"<command>sshd</command> con <option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6754,7 +7075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6763,13 +7084,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "TIPOS DE MÓDULOS SUMINISTRADOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6778,12 +7132,12 @@ msgstr ""
"<option>password</option> y <option>session</option>) son suministrados."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ARCHIVOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6795,7 +7149,7 @@ msgstr ""
"sobre como resetear un password."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6815,7 +7169,7 @@ msgstr ""
"lectura."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7013,7 +7367,7 @@ msgstr ""
"grupos locales no serán evaluados."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7211,7 +7565,7 @@ msgstr ""
"host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -7219,14 +7573,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7244,12 +7598,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7270,12 +7624,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Por defecto: 1200 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7301,7 +7655,7 @@ msgid ""
msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7311,7 +7665,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -7328,12 +7682,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7341,12 +7695,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7365,52 +7719,52 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "ldap_dns_service_name (string)"
msgid "dyndns_server (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -7530,7 +7884,7 @@ msgstr ""
"Verifica con la ayuda de krb5_keytab que el TGT obtenido no ha sido burlado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7615,26 +7969,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7656,7 +8010,7 @@ msgstr ""
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
@@ -7978,13 +8332,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7999,15 +8354,28 @@ msgstr ""
"manvolnum> </citerefentry> con algunas excepciones descritas abajo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"Sin embargo, ni es necesario ni está recomendado fijar estas opciones. El "
+"proveedor IPA también puede ser usado como proveedor de acceso y cambio de "
+"contraseña. Como proveedor de acceso usa reglas HBAC (control de acceso "
+"basado en el host). Por favor vea freeipa.org para más información sobre "
+"HBAC. No se requiere configuración del proveedor de acceso en el lado "
+"cliente."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8017,7 +8385,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8030,7 +8398,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8038,12 +8406,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8052,7 +8420,7 @@ msgstr ""
"se suministra, se usa la configuración del nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8061,34 +8429,60 @@ msgstr ""
"minúscula de la versión larga del dominio Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of IP addresses or hostnames of the IPA servers "
+#| "to which SSSD should connect in the order of preference. For more "
+#| "information on failover and server redundancy, see the <quote>FAILOVER</"
+#| "quote> section. This is optional if autodiscovery is enabled. For more "
+#| "information on service discovery, refer to the <quote>SERVICE DISCOVERY</"
+#| "quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
+"La lista separada por comas de direcciones IP o nombres de host de los "
+"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para "
+"más información sobre conmutación en error y redundancia de servidores, vea "
+"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está "
+"habilitado. Para más información sobre el servicio descubridor, vea la "
+"sección <quote>SERVICE DISCOVERY</quote>."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8099,7 +8493,7 @@ msgstr ""
"identificar este host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8108,12 +8502,12 @@ msgstr ""
"Debe coincidir con el nombre del host desde que se envío la keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8124,12 +8518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8138,7 +8532,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8147,7 +8541,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8156,14 +8550,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8172,7 +8566,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8187,29 +8581,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8218,7 +8612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8227,12 +8621,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8242,14 +8636,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8262,23 +8656,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8286,22 +8680,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8309,12 +8703,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8322,14 +8716,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8337,7 +8731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8349,53 +8743,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8403,7 +8822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8411,7 +8830,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8419,7 +8838,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8431,17 +8850,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8449,7 +8873,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8457,7 +8881,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8465,7 +8889,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8477,22 +8901,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8500,14 +8924,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8515,7 +8939,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8527,17 +8951,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8545,14 +8969,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8560,7 +8984,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8571,19 +8995,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8591,7 +9015,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8603,34 +9027,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8638,12 +9067,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8656,52 +9085,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Predeterminado: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Predeterminado: 86400 (24 horas)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8712,12 +9183,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the IPA LDAP connection"
msgid ""
@@ -8726,24 +9197,24 @@ msgid ""
msgstr "Predeterminado: Utilizar la dirección IP de la conexión IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Predeterminado: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8754,7 +9225,7 @@ msgstr ""
"Este ejemplo muestra sólo las opciones específicas del proveedor AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8778,7 +9249,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8790,7 +9261,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8801,7 +9272,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8810,6 +9281,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9380,7 +9859,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9456,17 +9935,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9474,50 +9958,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9525,29 +10045,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9555,41 +10075,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "imprime las propiedades de un grupo"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9597,43 +10150,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPCIONES SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10937,6 +11490,45 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate specific service."
+msgid "Invalidate particular sudo rule."
+msgstr "Invalida servicio específico"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"Invalida todos los registros de usuario. Esta opción anula la invalidación "
+"de usuario específico si también está fijada."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -10945,7 +11537,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Restringe el proceso de invalidación sólo a un dominio concreto."
@@ -11465,13 +12057,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> puede ser configurado para usar "
@@ -11482,7 +12083,7 @@ msgstr ""
"manvolnum></citerefentry> options."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -11490,7 +12091,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11500,30 +12101,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Si se soporta <quote>PubkeyAgent</quote>, <citerefentry><refentrytitle>sshd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry> puede ser configurado "
-"para usarlo utilizando la siguiente directiva para <citerefentry> "
-"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> "
-"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11531,12 +12110,12 @@ msgstr ""
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12046,7 +12625,7 @@ msgstr ""
"quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Por defecto: 200000"
@@ -12114,11 +12693,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12126,12 +12706,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12142,22 +12722,22 @@ msgstr ""
"sobrepasando el algoritmo murmurhash descrito arriba."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Especifica el nombre del dominio por defecto."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (booleano)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12167,7 +12747,7 @@ msgstr ""
"winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12177,7 +12757,7 @@ msgstr ""
"adicional."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12191,13 +12771,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un "
"dominio está asignado consistentemente a la rebanada cero."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12206,51 +12809,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -12679,3 +13282,21 @@ msgstr ""
#~ msgid "Default: ou"
#~ msgstr "Por defecto: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Si se soporta <quote>PubkeyAgent</quote>, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> puede ser configurado para usarlo utilizando la "
+#~ "siguiente directiva para <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index 333f10a71..4392b5dd8 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -60,7 +60,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -79,11 +79,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -214,113 +214,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -329,29 +344,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -361,19 +376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -381,12 +396,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -394,58 +409,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -454,7 +469,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -462,69 +477,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -534,7 +549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -544,20 +559,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -567,7 +582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -576,12 +591,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -592,12 +692,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -606,22 +706,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -631,17 +731,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -649,19 +749,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -671,12 +771,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -684,117 +784,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -802,7 +850,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -812,7 +860,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -821,17 +869,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -839,60 +887,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -900,23 +974,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -924,47 +998,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -972,103 +1046,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1079,72 +1160,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1152,59 +1233,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1212,7 +1293,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1221,17 +1302,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1239,117 +1320,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1360,34 +1507,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1395,68 +1542,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1468,7 +1615,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1479,24 +1626,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1504,12 +1651,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1517,25 +1664,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1544,46 +1703,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1595,14 +1754,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1611,39 +1770,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1652,19 +1811,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1675,151 +1834,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1827,24 +1986,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1853,17 +2012,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1872,33 +2031,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1906,8 +2065,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1916,8 +2075,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1925,19 +2084,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1946,7 +2105,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1954,22 +2113,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1981,7 +2140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1989,19 +2148,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2009,7 +2168,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2017,30 +2176,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2048,19 +2207,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2069,24 +2228,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2094,7 +2266,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2102,35 +2274,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2138,32 +2310,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2174,12 +2346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2187,7 +2359,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2195,31 +2367,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2227,7 +2399,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2236,23 +2408,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2260,7 +2432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2268,24 +2440,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2293,12 +2473,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2308,7 +2488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2317,29 +2497,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2347,7 +2527,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2355,66 +2535,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2422,70 +2602,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2493,7 +2673,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2501,41 +2681,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2545,34 +2769,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2580,12 +2804,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2593,7 +2817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2601,49 +2825,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2651,73 +2889,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2725,17 +2963,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2744,17 +2982,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2762,17 +3000,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2780,19 +3018,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2822,7 +3060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2868,7 +3106,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2968,8 +3206,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3258,14 +3496,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3660,8 +3898,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3865,19 +4103,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3887,26 +4142,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3914,14 +4170,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3929,7 +4185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3937,19 +4193,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3957,168 +4207,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4126,7 +4376,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4134,12 +4384,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4147,12 +4397,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4163,12 +4413,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4177,12 +4427,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4191,34 +4441,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4226,14 +4476,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4241,17 +4491,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4261,12 +4511,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4274,17 +4524,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4292,13 +4542,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4307,7 +4557,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4315,26 +4565,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4342,7 +4592,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4350,7 +4600,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4358,41 +4608,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4401,32 +4651,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4434,24 +4684,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4459,17 +4709,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4480,29 +4730,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4511,17 +4761,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4529,49 +4779,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4579,27 +4829,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4611,7 +4861,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4619,7 +4869,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4627,39 +4877,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4669,7 +4919,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4677,26 +4927,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4704,7 +4954,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4712,31 +4962,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4745,56 +4995,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4810,12 +5060,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4824,14 +5074,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4840,24 +5090,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4865,19 +5115,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4886,7 +5136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4894,7 +5144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4903,7 +5153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4911,22 +5161,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4936,14 +5186,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4956,12 +5206,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4971,7 +5221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4981,49 +5231,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5032,74 +5282,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5110,7 +5360,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5118,24 +5368,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5150,12 +5400,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5163,208 +5413,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5372,101 +5622,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5475,108 +5725,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5585,32 +5835,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5619,22 +5869,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5643,7 +5893,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5651,7 +5901,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5664,26 +5914,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5699,13 +5949,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5740,11 +5990,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5752,34 +6003,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5787,31 +6038,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5819,36 +6070,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5856,7 +6107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5865,25 +6116,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5891,7 +6173,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5903,7 +6185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6062,7 +6344,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6210,7 +6492,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6218,14 +6500,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6240,12 +6522,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6266,12 +6548,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6295,7 +6577,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6305,7 +6587,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6322,12 +6604,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6335,12 +6617,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6359,50 +6641,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6512,7 +6794,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6586,26 +6868,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6624,7 +6906,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6922,13 +7204,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6938,15 +7221,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6954,7 +7237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6967,7 +7250,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6975,53 +7258,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7029,19 +7324,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7052,12 +7347,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7066,7 +7361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7075,7 +7370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7084,14 +7379,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7100,7 +7395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7115,29 +7410,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7146,7 +7441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7155,12 +7450,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7170,14 +7465,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7190,23 +7485,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7214,22 +7509,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7237,12 +7532,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7250,14 +7545,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7265,7 +7560,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7277,53 +7572,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7331,7 +7651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7339,7 +7659,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7347,7 +7667,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7359,17 +7679,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7377,7 +7702,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7385,7 +7710,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7393,7 +7718,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7405,22 +7730,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7428,14 +7753,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7443,7 +7768,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7455,17 +7780,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7473,14 +7798,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7488,7 +7813,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7499,19 +7824,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7519,7 +7844,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7531,34 +7856,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7566,12 +7896,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7584,52 +7914,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7640,36 +8008,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7677,7 +8045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7692,7 +8060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7701,7 +8069,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7709,7 +8077,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7718,6 +8086,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8176,7 +8552,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8235,17 +8611,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8253,50 +8634,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8304,29 +8715,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8334,39 +8745,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8374,39 +8814,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
msgid "COMMON OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9548,12 +9988,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10033,13 +10497,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10047,7 +10511,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10057,36 +10521,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10473,7 +10920,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10530,11 +10977,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10542,12 +10990,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10555,36 +11003,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10593,13 +11041,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10608,51 +11077,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index c0b60afe7..f5e8f2768 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -10,13 +10,15 @@
# sgallagh <sgallagh@redhat.com>, 2012
# sgallagh <sgallagh@redhat.com>, 2012
# Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
+# Jibec <jean-baptiste@holcroft.fr>, 2016. #zanata
+# Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
-"PO-Revision-Date: 2015-09-21 08:33-0400\n"
-"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2016-03-19 03:04-0400\n"
+"Last-Translator: Jibec <jean-baptiste@holcroft.fr>\n"
"Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
"fr/)\n"
"Language: fr\n"
@@ -24,7 +26,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -70,7 +72,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -91,11 +93,11 @@ msgstr ""
"changements spécifiés sur la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIONS"
@@ -257,63 +259,84 @@ msgstr "debug_level (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
+"Ajoute un horodatage aux messages de débogage. Si journald est activé pour "
+"la journalisation de débogage de SSSD, cette option sera ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Par défaut : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
+"Ajouter les microsecondes à l'horodatage dans les messages de débogage. Si "
+"journald est activé pour la journalisation de débogage de SSSD, cette option "
+"sera ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Par défaut : false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "Options utilisables dans les sections SERVICE et DOMAIN"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -321,33 +344,34 @@ msgstr ""
"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
"s'assurer que le processus est toujours actif et capable de répondre."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Par défaut : 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECTIONS SPÉCIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Paramètres de sections"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -356,12 +380,12 @@ msgstr ""
"supérieure utiliser la version 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -369,7 +393,7 @@ msgstr ""
"lance."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -382,12 +406,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -397,17 +421,17 @@ msgstr ""
"d'abandonner"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Par défaut : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -415,14 +439,20 @@ msgid ""
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
msgstr ""
+"Un domaine est une base de données contenant les informations utilisateurs. "
+"SSSD peut utiliser plusieurs domaines en même temps, au moins un doit être "
+"configuré ou SSSD ne démarrera pas. Ce paramètre décrit la liste des "
+"domaines dans l'ordre où ils doivent être requêtés. Un nom de domaine ne "
+"doit comprendre que des caractères ASCII alphanumériques, des tirets, des "
+"points et caractères soulignés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -431,7 +461,7 @@ msgstr ""
"contenant le nom d'utilisateur et de domaine dans ces composants."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -443,12 +473,12 @@ msgstr ""
"expressions régulières."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -460,33 +490,33 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "nom d'utilisateur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
"nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -496,7 +526,7 @@ msgstr ""
"d'approbation IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -505,7 +535,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -514,12 +544,12 @@ msgstr ""
"Voir les SECTIONS DOMAINE pour plus d'informations sur cette option."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -532,7 +562,7 @@ msgstr ""
"secondes si inotify échoue."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -542,7 +572,7 @@ msgstr ""
"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -551,7 +581,7 @@ msgstr ""
"sur les autres plates-formes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -561,12 +591,12 @@ msgstr ""
"utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -575,7 +605,7 @@ msgstr ""
"de rejeu Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -585,7 +615,7 @@ msgstr ""
"relecture."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -594,29 +624,31 @@ msgstr ""
"la construction du logiciel. (__LIBKRB5_DEFAULTS__ si non configuré)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr "user (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
+"L'utilisation vers lequel abandonner les privilèges pour éviter de "
+"fonctionner en tant que l'utilisateur root."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr "Par défaut : non défini, le processus tourne en tant que root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -632,7 +664,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -640,22 +672,28 @@ msgid ""
"is not allowed to use this option together with use_fully_qualified_names "
"set to False."
msgstr ""
+"Noter que, si cette option est définie, tous les utilisateurs du domaine "
+"principal doivent utiliser leur nom pleinement qualifié, par exemple "
+"user@domain.name, pour se connecter. L'utilisation de cette option modifie "
+"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas "
+"possible ni autorisé d'utiliser cette option avec l'option "
+"use_fully_qualified_names à False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr "override_space (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -663,9 +701,15 @@ msgid ""
"scripts that have difficulty handling spaces, due to the default field "
"separator in the shell."
msgstr ""
+"Ce paramètre remplace les espaces avec le caractère indiqués pour les noms "
+"d'utilisateurs et de groupes, par ex. (_). Ainsi, le nom &quot;john "
+"doe&quot; deviendra &quot;john_doe&quot;. Cette fonctionnalité a été ajoutée "
+"pour aider à la compatibilité avec les scripts shells qui ont des "
+"difficultés à gérer les espaces, du fait que l'espace est le séparateur par "
+"défaut de l'interpréteur de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -674,12 +718,107 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the PAC responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Les options suivantes peuvent être utilisées pour configurer le répondeur "
+"PAC."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+"Par défaut : non défini, c'est-à-dire que le service de découverte est "
+"désactivé."
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -696,12 +835,12 @@ msgstr ""
"l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SECTIONS DE SERVICES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -714,22 +853,22 @@ msgstr ""
"section doit être <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Options générales de configuration de service"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Ces options peuvent être utilisées pour configurer les services."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -744,17 +883,17 @@ msgstr ""
"valeur inférieure ou la limite « hard » de limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -766,19 +905,19 @@ msgstr ""
"ressources sur le système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Par défaut : 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -793,12 +932,12 @@ msgstr ""
"l'aide d'un signal SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -806,91 +945,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
-msgstr ""
+msgstr "offline_timeout + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr "new_interval = old_interval*2 + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr "subdomain_inherit (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr "ignore_group_members"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr "ldap_purge_cache_timeout"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr "ldap_user_principal"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Par défaut : aucun"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Options de configuration NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -898,12 +983,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -912,17 +997,17 @@ msgstr ""
"énumérations (requêtes sur les informations de tous les utilisateurs)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Par défaut : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -933,7 +1018,7 @@ msgstr ""
"valeur de entry_cache_timeout pour le domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -949,7 +1034,7 @@ msgstr ""
"cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -962,17 +1047,17 @@ msgstr ""
"de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Par défaut : 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -984,22 +1069,56 @@ msgstr ""
"appel au moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Par défaut : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache "
+"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de "
+"données invalides, comme celles qui n'existent pas) avant de faire à nouveau "
+"appel au moteur."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Par défaut : 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Exclue certains utilisateurs de la recherche à partir de la base de données "
"sss NSS. Ceci est particulièrement utile pour les comptes système. Cette "
@@ -1008,17 +1127,26 @@ msgstr ""
"certain domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Par défaut : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1026,12 +1154,12 @@ msgstr ""
"membres de groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1040,7 +1168,7 @@ msgstr ""
"explicitement spécifié par le fournisseur de données du domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1048,7 +1176,7 @@ msgstr ""
"override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1058,25 +1186,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Par défaut : non défini (aucune substitution pour les répertoires d'accueil "
"non définis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1088,17 +1216,17 @@ msgstr ""
"section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1106,14 +1234,14 @@ msgstr ""
"indiquées. L'ordre d'évaluation est :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
"quote>, il est utilisé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1123,7 +1251,7 @@ msgstr ""
"shell_fallback » sera utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1132,12 +1260,12 @@ msgstr ""
"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1145,14 +1273,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est "
"à la libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1162,31 +1290,31 @@ msgstr ""
"est installé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
"utilisé automatiquement."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
"Remplace toutes les occurences de ces interpréteurs de commandes par "
"l'interpréteur de commandes par défaut"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1194,17 +1322,17 @@ msgstr ""
"commandes autorisé n'est pas installé sur la machine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Par défaut : /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1214,7 +1342,7 @@ msgstr ""
"choix soit dans la section [nss], soit par domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1224,12 +1352,12 @@ msgstr ""
"nécessaire, habituellement /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1238,31 +1366,42 @@ msgstr ""
"jugée valide."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Spécifie la durée en secondes, pour laquelle les enregistrements du cache en "
"mémoire seront valides"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Par défaut : 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1273,24 +1412,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr "Par défaut : non défini, repli sur l'option InfoPipe"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Options de configuration de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1299,12 +1438,12 @@ msgstr ""
"Module (PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1314,17 +1453,17 @@ msgstr ""
"connexion réussie)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1333,12 +1472,12 @@ msgstr ""
"échouées sont autorisées."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1348,7 +1487,7 @@ msgstr ""
"soit possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1359,17 +1498,17 @@ msgstr ""
"connexion réussie en ligne peut réactiver l'authentification."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Par défaut : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1379,44 +1518,44 @@ msgstr ""
"affichés sera important."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "Actuellement sssd supporte les valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis> : afficher tous les messages et informations de "
"débogage"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Par défaut : 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1428,7 +1567,7 @@ msgstr ""
"les dernières informations."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1442,17 +1581,17 @@ msgstr ""
"fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "Afficher une alerte N jours avant l'expiration du mot de passe."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1463,7 +1602,7 @@ msgstr ""
"ne peut afficher de message d'alerte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1473,7 +1612,7 @@ msgstr ""
"sera automatiquement affiché."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1481,107 +1620,204 @@ msgstr ""
"Ce paramètre peut être surchargé par le paramètre "
"<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Par défaut : 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr "pam_trusted_users (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the PAC responder. User names are resolved to UIDs at "
+#| "startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
+"Spécifie la liste séparée par des virgules des UID ou noms d'utilisateurs "
+"qui sont autorisés à accéder au répondeur PAC. Les noms d'utilisateurs "
+"seront résolus en UID au démarrage."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+#, fuzzy
+#| msgid "Default: all (All users are allowed to access the PAM responder)"
+msgid "Default: All users are considered trusted by default"
msgstr ""
"Par défaut : all (tous les utilisateurs peuvent accéder au répondeur PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr "pam_public_domains (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
+"Deux valeurs spéciales pour l'option pam_public_domains sont définies :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
+"all (tous les utilisateurs non dignes de confiance sont autorisés à accéder "
+"à tous les domaines PAM dans le répondeur.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+"none (les utilisateurs non dignes de confiance, Untrusted, ne sont pas "
+"autorisés à accéder à un des domaines PAM dans le répondeur.)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Par défaut : aucun"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr "pam_account_expired_message (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
-#, no-wrap
+#: sssd.conf.5.xml:1083
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+"pam_account_expired_message = Account a expiré, merci de contacter votre assistance.\n"
" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Par défaut : False"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Options de configuration de SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1598,12 +1834,12 @@ msgstr ""
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1612,22 +1848,22 @@ msgstr ""
"les entrées sudoers sensibles au temps."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Options de configuration AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Ces options peuvent être utilisées pour configurer le service autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1639,23 +1875,23 @@ msgstr ""
"moteur."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Options de configuration SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le service SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1663,12 +1899,12 @@ msgstr ""
"Condenser ou non les noms de systèmes et adresses du fichier known_hosts"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1677,38 +1913,38 @@ msgstr ""
"known_hosts géré après que ses clés de système ont été demandés."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Par défaut : 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Par défaut : /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Options de configuration du répondeur PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1727,7 +1963,7 @@ msgstr ""
"décodées et évaluées, les opérations suivantes sont effectuées :"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1745,7 +1981,7 @@ msgstr ""
"default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1754,19 +1990,19 @@ msgstr ""
"ajouté à ces groupes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Les options suivantes peuvent être utilisées pour configurer le répondeur "
"PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1777,14 +2013,14 @@ msgstr ""
"seront résolus en UID au démarrage."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur "
"PAC)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1796,18 +2032,32 @@ msgstr ""
"accéder au répondeur PAC, ce qui serait un cas habituel, vous devez ajouter "
"0 à la liste des UID d'utilisateurs autorisés."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECTIONS DOMAINES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1816,7 +2066,7 @@ msgstr ""
"dehors de ces limites, elle est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1829,7 +2079,7 @@ msgstr ""
"qui sont dans la plage seront rapportés comme prévu."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1838,17 +2088,17 @@ msgstr ""
"pas seulement leur recherche par nom ou identifiant."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1857,22 +2107,22 @@ msgstr ""
"valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = utilisateurs et groupes sont énumérés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = aucune énumération pour ce domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Par défaut : FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1893,7 +2143,7 @@ msgstr ""
"être recalculées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1903,7 +2153,7 @@ msgstr ""
"l'énumération ne se termine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1917,7 +2167,7 @@ msgstr ""
"fournisseur d'identité spécifique utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1926,32 +2176,32 @@ msgstr ""
"déconseillée, surtout dans les environnements de grande taille."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Tous les domaines approuvés découverts seront énumérés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Aucun domaine approuvé découvert ne sera énuméré"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1965,12 +2215,12 @@ msgstr ""
"activer l'énumération pour ces seuls domaines."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1979,7 +2229,7 @@ msgstr ""
"comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1997,17 +2247,17 @@ msgstr ""
"rafraîchissement des entrées qui sont déjà en cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Par défaut : 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2016,19 +2266,19 @@ msgstr ""
"d'utilisateurs comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Par défaut : entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2037,12 +2287,12 @@ msgstr ""
"groupes comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2051,12 +2301,12 @@ msgstr ""
"netgroup comme valides avant de les redemander au moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2065,12 +2315,12 @@ msgstr ""
"service valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2079,12 +2329,12 @@ msgstr ""
"valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2093,24 +2343,26 @@ msgstr ""
"cartes d'automontage comme valides avant de les redemander au moteur"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr "entry_cache_ssh_host_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
+"La durée en secondes pendant laquelle conserver une clé ssh d'hôte après "
+"rafraichissement. I.e. combien de temps mettre la clé en cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2120,48 +2372,48 @@ msgstr ""
"enregistrements expirés ou sur le point de l'être."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Par défaut : 0 (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Détermine si les données d'identification de l'utilisateur sont aussi mis en "
"cache dans le cache LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Les informations d'identification utilisateur sont stockées dans une table "
"de hachage SHA512, et non en texte brut"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2169,24 +2421,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr "Par défaut : 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2199,17 +2451,17 @@ msgstr ""
"paramètre doit être supérieur ou égal à offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Par défaut : 0 (illimité)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2222,17 +2474,17 @@ msgstr ""
"fournisseur oauth doit être configuré pour le moteur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2240,18 +2492,18 @@ msgstr ""
"d'identification pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote> : prise en charge de l'ancien fournisseur NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
"<quote>local</quote> : Fournisseur interne SSSD pour les utilisateurs locaux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2263,8 +2515,8 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2277,8 +2529,8 @@ msgstr ""
"configuration de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2290,12 +2542,12 @@ msgstr ""
"d'Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2305,7 +2557,7 @@ msgstr ""
"communiqué à NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2319,7 +2571,7 @@ msgstr ""
"trouve."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2331,22 +2583,22 @@ msgstr ""
"qualifié sera demandé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr "Par défaut : false (true si default_domain_suffix est utilisée)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2358,7 +2610,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2366,12 +2618,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2380,7 +2632,7 @@ msgstr ""
"pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2392,7 +2644,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2403,7 +2655,7 @@ msgstr ""
"citerefentry> pour plus d'informations sur la configuration de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -2411,12 +2663,12 @@ msgstr ""
"PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> désactive l'authentification explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2425,12 +2677,12 @@ msgstr ""
"gérer les requêtes d'authentification."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2441,7 +2693,7 @@ msgstr ""
"installés). Les fournisseurs internes spécifiques sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2450,12 +2702,12 @@ msgstr ""
"d'accès autorisé pour un domaine local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> toujours refuser les accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2468,17 +2720,44 @@ msgstr ""
"d'informations sur la configuration du module d'accès simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> pour une authentification Kerberos. Cf. <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> pour plus d'informations sur la configuration de Kerberos."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> pour relayer le changement de mot de passe vers une "
+"autre cible PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Par défaut : <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2487,7 +2766,7 @@ msgstr ""
"domaine. Les fournisseurs pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2499,7 +2778,7 @@ msgstr ""
"configuration LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2511,7 +2790,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2519,14 +2798,14 @@ msgstr ""
"autre cible PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> pour désactiver explicitement le changement de mot de "
"passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2535,19 +2814,19 @@ msgstr ""
"peut gérer les changements de mot de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en "
"charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2559,7 +2838,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2568,7 +2847,7 @@ msgstr ""
"par défaut pour IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2577,20 +2856,20 @@ msgstr ""
"par défaut pour AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> désactive explicitement SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle "
"est définie."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2601,12 +2880,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2617,7 +2896,7 @@ msgstr ""
"fournisseur d'accès. Les fournisseurs selinux pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2629,14 +2908,14 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> n'autorise pas la récupération explicite des paramètres "
"selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2645,12 +2924,12 @@ msgstr ""
"gérer le chargement selinux"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2660,7 +2939,7 @@ msgstr ""
"fournisseurs de sous-domaine pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2672,7 +2951,7 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2681,18 +2960,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
"<quote>none</quote> désactive la récupération explicite des sous-domaines."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2700,7 +2979,7 @@ msgstr ""
"en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2712,7 +2991,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2724,17 +3003,34 @@ msgstr ""
"IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> pour charger les cartes stockées sur un serveur IPA. Cf. "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour plus d'information sur la configuration de "
+"IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> désactive explicitement autofs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2743,7 +3039,7 @@ msgstr ""
"systèmes. Les fournisseurs de hostid pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2755,12 +3051,12 @@ msgstr ""
"configuration de IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> désactive explicitement hostid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2776,7 +3072,7 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2789,22 +3085,22 @@ msgstr ""
"styles différents pour les noms d'utilisateurs :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2814,7 +3110,7 @@ msgstr ""
"utilisateurs de domaines Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2825,7 +3121,7 @@ msgstr ""
"importe le domaine après »"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2837,7 +3133,7 @@ msgstr ""
"prendre en charge les sous-motifs nommés multiples."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2846,17 +3142,17 @@ msgstr ""
"la syntaxe Python (?P&lt;name&gt;) pour nommer les sous-motifs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2865,48 +3161,48 @@ msgstr ""
"utiliser pour effectuer les requêtes DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Valeurs prises en charge :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, "
"essayer IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter "
"IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Par défaut : ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2917,18 +3213,18 @@ msgstr ""
"domaine continuera à opérer en mode déconnecté."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Par défaut : 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2937,62 +3233,66 @@ msgstr ""
"du domaine faisant partie de la requête DNS de découverte de services."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Par défaut : utiliser la partie du domaine qui est dans le nom de système de "
"la machine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr "case_sensitive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
-msgstr ""
+msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
-msgstr ""
+msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
-msgstr ""
+msgstr "Insensible à la casse."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
-msgstr ""
+msgstr "Preserving"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
"protocol names) are still lowercased in the output."
msgstr ""
+"Comme False (insensible à la casse), mais ne convertit pas les noms en "
+"minuscules lors des opérations NSS. Notez que les alias de noms (et dans le "
+"cas des services les noms de protocoles) sont toujours en minuscule dans la "
+"sortie."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -3000,46 +3300,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr "Par défaut : true (false pour le fournisseur AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
-"Quand un utilisateur ou un groupe est recherché par son nom dans le "
-"fournisseur proxy, une deuxième recherche par ID est effectuée pour "
-"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. "
-"Cette option positionnée à true active la recherche par l'ID dans le cache "
-"afin d'améliorer les performances."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "nom plat (NetBIOS) d'un sous-domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3055,7 +3398,7 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3063,17 +3406,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Par défaut : <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3081,14 +3424,14 @@ msgstr ""
"ce domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3096,12 +3439,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3109,7 +3452,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3121,17 +3464,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible duquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3140,12 +3483,12 @@ msgstr ""
"ou en créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3155,8 +3498,27 @@ msgstr ""
"recherches de fonctions NSS dans la bibliothèque sont sous la forme _nss_"
"$(libName)_$(function), par exemple _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Quand un utilisateur ou un groupe est recherché par son nom dans le "
+"fournisseur proxy, une deuxième recherche par ID est effectuée pour "
+"récupérer le nom canonique, dans le cas où le nom demandé serait un alias. "
+"Cette option positionnée à true active la recherche par l'ID dans le cache "
+"afin d'améliorer les performances."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3165,12 +3527,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3181,29 +3543,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
"outils en espace utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3212,17 +3574,17 @@ msgstr ""
"replaceable> et l'utilisent comme dossier personnel."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3231,17 +3593,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3250,12 +3612,12 @@ msgstr ""
"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3266,17 +3628,17 @@ msgstr ""
"défaut sur un répertoire personnel nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3289,17 +3651,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3310,17 +3672,17 @@ msgstr ""
"précisé, la valeur par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3331,19 +3693,19 @@ msgstr ""
"code en retour de la commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3397,7 +3759,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3461,7 +3823,7 @@ msgstr ""
"en tant que fournisseur d'accès."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPTIONS DE CONFIGURATION"
@@ -3482,7 +3844,7 @@ msgid ""
msgstr ""
"Spécifie par ordre de préférence la liste séparée par des virgules d'URI des "
"serveurs LDAP auquel doit se connecter SSSD. Se reporter à la section de "
-"<quote>BASCULEMENT</quote> pour plus d'informations sur le basculement et la "
+"<quote>BASCULE</quote> pour plus d'informations sur le repli et la "
"redondance de serveurs. Si aucune de ces options n'est spécifiée, la "
"découverte d'un service est activé. Pour plus d'informations, se reporter à "
"la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
@@ -3526,8 +3888,8 @@ msgid ""
msgstr ""
"Spécifie la liste d'URI séparée par des virgules des serveurs LDAP auquel "
"doit se connecter DSSD par ordre de préférence pour changer le mot de passe "
-"d'un utilisateur. Reportez-vous à la section de <quote>basculement</quote> "
-"pour plus d'informations sur le repli et la redondance de serveurs."
+"d'un utilisateur. Reportez-vous à la section de <quote>bascule</quote> pour "
+"plus d'informations sur le repli et la redondance de serveurs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:95
@@ -3582,8 +3944,8 @@ msgstr ""
"http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Exemples :"
@@ -3910,7 +4272,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -3919,7 +4281,7 @@ msgstr ""
"l'objet parent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Par défaut : modifyTimestamp"
@@ -4385,8 +4747,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'attribut LDAP correspondant au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Par défaut : cn"
@@ -4621,11 +4983,33 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+"Par défaut : groupType dans le fournisseur AD, non configuré pour les autres"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4637,7 +5021,7 @@ msgstr ""
"schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4647,26 +5031,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Par défaut : 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4678,7 +5063,7 @@ msgstr ""
"complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4688,7 +5073,7 @@ msgstr ""
"imbrications très complexes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4699,7 +5084,7 @@ msgstr ""
"essentiellement « auto-detect »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4711,19 +5096,13 @@ msgstr ""
"com/en-us/library/windows/desktop/aa746475%28v=vs.85%29.aspx\">la "
"documentation de MSDN(TM)</ulink> pour plus de détails."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Par défaut : False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4735,7 +5114,7 @@ msgstr ""
"complexes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4745,76 +5124,76 @@ msgstr ""
"2008 et versions ultérieures."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objet d'une entrée de netgroup dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"Pour un fournisseur IPA, ipa_netgroup_object_class doit être utilisé à la "
"place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Par défaut : nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'attribut LDAP correspondant au nom du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_name doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'attribut LDAP contenant les noms des membres du netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"Dans le fournisseur IPA, ipa_netgroup_member doit être utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Par défaut : memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4822,42 +5201,42 @@ msgstr ""
"netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Par défaut : nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "La classe d'objet d'une entrée de service LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Par défaut : ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4866,48 +5245,48 @@ msgstr ""
"alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "L'attribut LDAP qui contient le port géré par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Par défaut : ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "L'attribut LDAP qui contient les protocoles compris par ce service."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Par défaut : ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4918,7 +5297,7 @@ msgstr ""
"activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4929,12 +5308,12 @@ msgstr ""
"différents types de recherches."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4945,12 +5324,12 @@ msgstr ""
"résultats mis en cache (et activation du mode hors ligne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4967,12 +5346,12 @@ msgstr ""
"citerefentry> rendent la main en cas d'inactivité."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4981,12 +5360,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4999,17 +5378,17 @@ msgstr ""
"courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Par défaut : 900 (15 minutes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5018,17 +5397,17 @@ msgstr ""
"Certains serveurs LDAP imposent une limite maximale par requête."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Par défaut : 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5040,7 +5419,7 @@ msgstr ""
"correctement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5050,7 +5429,7 @@ msgstr ""
"sera impossible de l'utiliser."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5061,17 +5440,17 @@ msgstr ""
"cela peut entraîner l'échec de certaines demandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Désactiver la récupération de plage Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5087,12 +5466,12 @@ msgstr ""
"apparaissant ainsi sans aucun membre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5103,19 +5482,19 @@ msgstr ""
"de cette option sont définies par OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
"par ldap.conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5126,7 +5505,7 @@ msgstr ""
"membres manquants est inférieur, ils sont recherchés individuellement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5134,7 +5513,7 @@ msgstr ""
"affectant la valeur 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5147,7 +5526,7 @@ msgstr ""
"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5158,12 +5537,12 @@ msgstr ""
"déréférencement est désactivée indépendamment de ce paramètre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5172,7 +5551,7 @@ msgstr ""
"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5181,7 +5560,7 @@ msgstr ""
"quelconque certificat du serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5192,7 +5571,7 @@ msgstr ""
"certificat est fourni, il est ignoré et la session continue normalement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5203,7 +5582,7 @@ msgstr ""
"certificat est fourni, la session se termine immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5214,22 +5593,22 @@ msgstr ""
"immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Par défaut : hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5238,7 +5617,7 @@ msgstr ""
"certification que <command>sssd</command> reconnaîtra."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5247,12 +5626,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5266,32 +5645,32 @@ msgstr ""
"corrects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Définit le fichier qui contient le certificat pour la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Définit le fichier qui contient la clef du client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5299,12 +5678,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5314,12 +5693,12 @@ msgstr ""
"canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5331,19 +5710,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"Cette fonctionnalité ne prend actuellement en charge que la correspondance "
"par objectSID avec Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (entiers)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5363,17 +5742,17 @@ msgstr ""
"identifiants."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr "Par défaut : non indiqué (les deux options sont à 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5382,12 +5761,12 @@ msgstr ""
"pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5401,17 +5780,17 @@ msgstr ""
"exemple host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Par défaut : host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5422,17 +5801,17 @@ msgstr ""
"domaine, cette option est ignorée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Par défaut : la valeur de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5441,34 +5820,34 @@ msgstr ""
"le nom de l'hôte au cours d'une liaison SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Défaut : false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5479,27 +5858,27 @@ msgstr ""
"SASL est utilisé et que le mécanisme choisi est GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5511,15 +5890,15 @@ msgid ""
msgstr ""
"Spécifie par ordre de préférence la liste séparée par des virgules des "
"adresses IP ou des noms de systèmes des serveurs Kerberos auquel SSSD doit "
-"se connecter. Pour plus d'informations sur la redondance de basculement et "
-"le serveur, consulter la section <quote>BASCULEMENT</quote>. Un numéro de "
-"port facultatif (précédé de deux-points) peut être ajouté aux adresses ou "
-"aux noms de systèmes. Si vide, la découverte de services est activée - pour "
-"plus d'informations, se reporter à la section de <quote>DÉCOUVERTE DE "
-"SERVICES</quote>."
+"se connecter. Pour plus d'informations sur la redondance de bascule et la "
+"redondance de serveur, consulter la section <quote>BASCULE</quote>. Un "
+"numéro de port facultatif (précédé de deux-points) peut être ajouté aux "
+"adresses ou aux noms de systèmes. Si vide, la découverte de services est "
+"activée - pour plus d'informations, se reporter à la section de "
+"<quote>DÉCOUVERTE DE SERVICES</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5530,7 +5909,7 @@ msgstr ""
"comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5542,29 +5921,29 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5574,12 +5953,12 @@ msgstr ""
"Kerberos > = 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5594,7 +5973,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5606,12 +5985,12 @@ msgstr ""
"localisation."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5620,7 +5999,7 @@ msgstr ""
"valeurs suivantes sont acceptées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5629,7 +6008,7 @@ msgstr ""
"peut pas désactiver la politique sur les mots de passe du côté serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5640,7 +6019,7 @@ msgstr ""
"manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5652,7 +6031,7 @@ msgstr ""
"est changé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5661,17 +6040,17 @@ msgstr ""
"côté serveur, elle prend le pas sur la politique indiquée avec cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le déréférencement automatique doit être activé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5680,7 +6059,7 @@ msgstr ""
"compilé avec OpenLDAP version 2.4.13 ou supérieur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5694,29 +6073,29 @@ msgstr ""
"permettre d'améliorer de façon notable les performances."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Définit le nom de service à utiliser quand la découverte de services est "
"activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Par défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5725,19 +6104,19 @@ msgstr ""
"un changement de mot de passe quand la découverte de services est activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le service de découverte est "
"désactivé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5747,12 +6126,12 @@ msgstr ""
"de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5768,12 +6147,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
-msgstr "Exemple:"
+msgstr "Exemple :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5785,7 +6164,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5794,7 +6173,7 @@ msgstr ""
"dont l'attribut employeeType est « admin »."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5806,17 +6185,17 @@ msgstr ""
"Si tel était le cas, l'accès sera conservé en mode hors-ligne et vice-versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Par défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5825,7 +6204,7 @@ msgstr ""
"être activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5837,12 +6216,12 @@ msgstr ""
"correct."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Les valeurs suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5851,7 +6230,7 @@ msgstr ""
"pour déterminer si le compte a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5864,7 +6243,7 @@ msgstr ""
"d'expiration du compte est aussi vérifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5875,7 +6254,7 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5888,7 +6267,7 @@ msgstr ""
"est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5899,24 +6278,24 @@ msgstr ""
"ldap_account_expire_policy de fonctionner."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Liste séparées par des virgules des options de contrôles d'accès. Les "
"valeurs autorisées sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5926,14 +6305,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5946,12 +6325,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5961,7 +6340,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5971,20 +6350,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5993,18 +6372,18 @@ msgstr ""
"authorizedService pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Par défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6013,12 +6392,12 @@ msgstr ""
"de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr "ldap_pwdlockout_dn (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6027,22 +6406,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
-msgstr ""
+msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6051,12 +6430,12 @@ msgstr ""
"recherche. Les options suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6066,7 +6445,7 @@ msgstr ""
"recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6075,7 +6454,7 @@ msgstr ""
"la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6084,7 +6463,7 @@ msgstr ""
"recherche et et la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6093,12 +6472,12 @@ msgstr ""
"bibliothèques clientes LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6107,7 +6486,7 @@ msgstr ""
"LDAP pour les serveurs qui utilisent le schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6125,7 +6504,7 @@ msgstr ""
"initgoups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6136,26 +6515,26 @@ msgstr ""
"ajoutent les utilisateurs locaux aux groupes LDAP."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6175,12 +6554,12 @@ msgstr ""
"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "OPTIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6188,52 +6567,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "La classe d'objet d'une entrée de règle de sudo dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Par défaut : sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "L'attribut LDAP qui correspond au nom de la règle de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "L'attribut LDAP qui correspond au nom de la commande."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Par défaut : sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6242,17 +6621,17 @@ msgstr ""
"réseau IP de l'hôte ou netgroup de l'hôte)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Par défaut : sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6261,32 +6640,32 @@ msgstr ""
"groupe ou netgroup de l'utilisateur)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Par défaut : sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "L'attribut LDAP qui correspond aux options sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Par défaut : sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6295,17 +6674,17 @@ msgstr ""
"nom d'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Par défaut : sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6314,17 +6693,17 @@ msgstr ""
"les commandes seront être exécutées."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Par défaut : sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6333,17 +6712,17 @@ msgstr ""
"règle sudo est valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Par défaut : sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -6352,32 +6731,32 @@ msgstr ""
"règle sudo ne sera plus valide."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Par défaut : sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "L'attribut LDAP qui correspond à l'index de tri de la règle."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Par défaut : sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6387,7 +6766,7 @@ msgstr ""
"règles qui sont stockées sur le serveur)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6396,17 +6775,17 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Par défaut : 21600 (6 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6418,7 +6797,7 @@ msgstr ""
"cache)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6427,12 +6806,12 @@ msgstr ""
"modifyTimestamp est utilisé à la place."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6442,12 +6821,12 @@ msgstr ""
"noms de systèmes)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6456,7 +6835,7 @@ msgstr ""
"doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6465,8 +6844,8 @@ msgstr ""
"nom de système et le nom de domaine pleinement qualifié."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6475,17 +6854,17 @@ msgstr ""
"emphasis>, alors cette option n'a aucun effet."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Par défaut : non spécifié"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6494,7 +6873,7 @@ msgstr ""
"IPv6 qui doivent être utilisés pour filtrer les règles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6503,12 +6882,12 @@ msgstr ""
"automatiquement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6517,12 +6896,12 @@ msgstr ""
"netgroup dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6531,7 +6910,7 @@ msgstr ""
"un joker dans l'attribut sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6544,72 +6923,72 @@ msgstr ""
"manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "OPTIONS AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Par défaut : auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
"La classe d'objet d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Par défaut : automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "Le nom d'une entrée de table de montage automatique dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6622,19 +7001,19 @@ msgstr ""
"généralement à un point de montage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Par défaut : automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6643,24 +7022,24 @@ msgstr ""
"généralement à un point de montage."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Par défaut : memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Par défaut : automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6673,32 +7052,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
-msgstr ""
+msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6707,22 +7086,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
-msgstr ""
+msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6731,7 +7110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6742,7 +7121,7 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6753,28 +7132,35 @@ msgid ""
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6788,15 +7174,25 @@ msgid ""
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
msgstr ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6837,11 +7233,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6852,22 +7249,22 @@ msgstr ""
"<command>syslog(3)</command> avec l'argument LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Supprimer les messages de journal pour les utilisateurs inconnus."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6876,12 +7273,12 @@ msgstr ""
"inséré en mémoire pour les autres modules PAM utilisés."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6893,12 +7290,12 @@ msgstr ""
"l'utilisateur verra son accès refusé."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6907,12 +7304,12 @@ msgstr ""
"passe par celui fourni par un module de mot de passe déjà chargé en mémoire."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6921,7 +7318,7 @@ msgstr ""
"l'authentification échoue. Par défaut : 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6933,36 +7330,36 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6970,7 +7367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6979,13 +7376,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "TYPES DE MODULES FOURNIS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6994,12 +7424,12 @@ msgstr ""
"<option>password</option> et <option>session</option>) sont fournis."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FICHIERS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7011,7 +7441,7 @@ msgstr ""
"exemple, contenir les instructions permettant la réinitialisation."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7031,7 +7461,7 @@ msgstr ""
"utilisateurs doivent avoir les autorisations en lecture seule."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7244,7 +7674,7 @@ msgstr ""
"pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7420,11 +7850,10 @@ msgid ""
msgstr ""
"La liste par ordre de préférence séparée par des virgules des adresses IP ou "
"des noms de systèmes des serveurs IPA auxquels SSSD doit se connecter . Pour "
-"plus d'informations sur la redondance de serveurs et le basculement, "
-"consulter la section de <quote>BASCULEMENT</quote>. Ceci est facultatif si "
-"la découverte automatique est activée. Pour plus d'informations sur la "
-"découverte de services, se reporter à la section de <quote>DÉCOUVERTE DE "
-"SERVICE</quote>."
+"plus d'informations sur la redondance de serveurs et la bascule, consulter "
+"la section <quote>BASCULE</quote>. Ceci est facultatif si la découverte "
+"automatique est activée. Pour plus d'informations sur la découverte de "
+"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:105
@@ -7442,18 +7871,25 @@ msgstr ""
"identifier l'hôte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"Facultatif. Cette option indique à SSSD de mettre à jour automatiquement le "
"serveur DNS intégré à IPA v2 avec l'adresse IP de ce client. La mise à jour "
@@ -7462,7 +7898,7 @@ msgstr ""
"l'utilisation de l'option <quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7484,12 +7920,12 @@ msgstr ""
"configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7516,12 +7952,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Par défaut : 1200 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7558,7 +7994,7 @@ msgid ""
msgstr "Par défaut : utilise l'adresse IP de la connexion IPA LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7568,7 +8004,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "Active les sites DNS - découverte de service basée sur l'emplacement"
@@ -7593,12 +8029,12 @@ msgstr ""
"seront utilisés comme serveurs de repli"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7610,12 +8046,12 @@ msgstr ""
"configurée à true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7640,12 +8076,12 @@ msgid "Default: False (disabled)"
msgstr "Par défaut : False (désactivé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7654,40 +8090,40 @@ msgstr ""
"communication avec le serveur DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -7811,7 +8247,7 @@ msgid ""
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7874,6 +8310,9 @@ msgid ""
"continue the authentication without it. This is equivalent to not setting "
"this option at all."
msgstr ""
+"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend "
+"pas en charge FAST, continuer l'authentification sans. Ceci équivaut à ne "
+"pas définir cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433
@@ -7881,8 +8320,8 @@ msgid ""
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
msgstr ""
-"<emphasis>imposer</emphasis> d'utiliser FAST. L'authentification échoue si "
-"le serveur ne requiert pas FAST."
+"<emphasis>demander</emphasis>  : imposer d'utiliser FAST. L'authentification "
+"échoue si le serveur ne requiert pas FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:468
@@ -7901,26 +8340,26 @@ msgstr ""
"MIT Kerberos avec cette option est une erreur de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr "krb5_confd_path (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7942,7 +8381,7 @@ msgstr ""
"beaucoup de requêtes de contrôle d'accès sur une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
@@ -8275,13 +8714,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8296,15 +8736,27 @@ msgstr ""
"manvolnum></citerefentry> avec les quelques exceptions décrites ci-dessous."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"Toutefois, il n'est ni nécessaire ni recommandé de définir ces options. Le "
+"fournisseur IPA peut également servir comme fournisseur d'accès et chpass. "
+"En tant que fournisseur d'accès, il utilise des règles HBAC (host-based "
+"access control). Veuillez consulter freeipa.org pour plus d'informations sur "
+"HBAC. Aucune configuration de fournisseur d'accès n'est requise côté client."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8314,7 +8766,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8327,7 +8779,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8335,12 +8787,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8349,7 +8801,7 @@ msgstr ""
"n'est pas fourni, le nom de domaine de la configuration est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8358,7 +8810,7 @@ msgstr ""
"domaine Active Directory, spécifié en minuscules."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8367,33 +8819,52 @@ msgstr ""
"autodétecté par SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"La liste par ordre de préférence séparée par des virgules des noms de "
"systèmes des serveurs AD auquel SSSD doit se connecter. Pour plus "
-"d'informations sur la redondance de serveurs et le basculement, consulter la "
-"section <quote>BASCULEMENT</quote>. Ceci est optionnel si la découverte "
+"d'informations sur la redondance de serveurs et la bascule, consulter la "
+"section <quote>BASCULE</quote>. Ceci est facultatif si la découverte "
"automatique est activée. Pour plus d'informations sur la découverte de "
"services, se reporter à la section de <quote>DÉCOUVERTE DE SERVICE</quote>."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8404,7 +8875,7 @@ msgstr ""
"identifier ce système."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8414,12 +8885,12 @@ msgstr ""
"publié un fichier keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8437,12 +8908,12 @@ msgstr ""
"utilisée pendant la découverte de site."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8451,7 +8922,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8460,7 +8931,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8469,14 +8940,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8485,7 +8956,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8509,29 +8980,29 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr "ad_site (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8540,7 +9011,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8549,12 +9020,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8564,14 +9035,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8584,23 +9055,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "Il existe trois valeurs prises en charge pour cette option :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8608,22 +9079,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Par défaut : permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr "ad_gpo_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8631,12 +9102,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr "ad_gpo_map_interactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8644,14 +9115,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -8659,7 +9130,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8671,53 +9142,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr "ad_gpo_map_remote_interactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8725,7 +9221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8733,7 +9229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8741,7 +9237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8753,17 +9249,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr "ad_gpo_map_network (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8771,7 +9272,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8779,7 +9280,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8787,7 +9288,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8799,22 +9300,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr "ad_gpo_map_batch (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8822,14 +9323,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8837,7 +9338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8849,17 +9350,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr "ad_gpo_map_service (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8867,14 +9368,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8882,7 +9383,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8893,19 +9394,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr "ad_gpo_map_permit (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8913,7 +9414,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8925,34 +9426,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr "ad_gpo_map_deny (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8960,12 +9466,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr "ad_gpo_default_right (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8978,52 +9484,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Par défaut : 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Par défaut : 86400 (24 heures)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9041,12 +9591,12 @@ msgstr ""
"<quote>dyndns_iface</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Par défaut : 3600 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9055,17 +9605,17 @@ msgid ""
msgstr "Par défaut : utilise l'adresse IP de la connexion LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Par défaut : True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9075,7 +9625,7 @@ msgstr ""
"principals d'entreprise."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9086,7 +9636,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9110,7 +9660,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9122,7 +9672,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9133,7 +9683,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9142,6 +9692,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -9718,7 +10276,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "Le mot de passe chiffré sera lu sur l'entrée standard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9793,17 +10351,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9811,52 +10374,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9864,29 +10465,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9894,43 +10495,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "affiche les propriétés d'un groupe"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAINE</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9938,43 +10572,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPTIONS DE SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Cette option n'est pas disponible dans le fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10279,11 +10913,11 @@ msgid ""
msgstr ""
"Spécifie la liste séparée par des virgules des adresses IP ou des noms de "
"systèmes des serveurs Kerberos auquel SSSD doit se connecter, par ordre de "
-"préférence. Pour plus d'informations sur la redondance de basculement et le "
-"serveur, consultez la section de <quote>BASCULEMENT</quote>. Un numéro de "
-"port facultatif (précédé de deux-points) peut être ajouté aux adresses ou "
-"aux noms de systèmes. Si vide, le service de découverte est activé - pour "
-"plus d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</"
+"préférence. Pour plus d'informations sur la redondance par bascule et le "
+"serveur, consultez la section de <quote>BASCULE</quote>. Un numéro de port "
+"facultatif (précédé de deux-points) peut être ajouté aux adresses ou aux "
+"noms de systèmes. Si vide, le service de découverte est activé - pour plus "
+"d'informations, se reporter à la section <quote>DÉCOUVERTE DE SERVICE</"
"quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -10320,9 +10954,9 @@ msgid ""
"servers to try, the backend is not switched to operate offline if "
"authentication against the KDC is still possible."
msgstr ""
-"Pour plus d'information sur le basculement et la redondance de serveurs, "
-"voir la section <quote>BASCULEMENT</quote>. Noter que même si il n'y a plus "
-"de serveurs kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si "
+"Pour plus d'information sur la bascule et la redondance de serveurs, voir la "
+"section <quote>BASCULE</quote>. Noter que même si il n'y a plus de serveurs "
+"kpasswd à essayer, le moteur ne passe pas en mode hors-ligne si "
"l'authentification KDC est toujours possible."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -10680,8 +11314,8 @@ msgid ""
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
"option at all."
msgstr ""
-"ne <emphasis>jamais</emphasis> utiliser FAST. Ceci équivaut à ne pas définir "
-"cette option."
+"<emphasis>never</emphasis> : ne jamais utiliser FAST. Ceci équivaut à ne pas "
+"définir cette option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:428
@@ -10689,8 +11323,8 @@ msgid ""
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
msgstr ""
-"<emphasis>essayer</emphasis> d'utiliser FAST. Si le serveur ne prend pas en "
-"charge FAST, continuer l'authentification sans."
+"<emphasis>try</emphasis> : eassyer d'utiliser FAST. Si le serveur ne prend "
+"pas en charge FAST, continuer l'authentification sans."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:438
@@ -10749,6 +11383,8 @@ msgid ""
"krb5_realm = REALM\n"
"krb5_map_user = joe:juser,dick:richard\n"
msgstr ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:540
@@ -10798,6 +11434,10 @@ msgid ""
"krb5_server = 192.168.1.1\n"
"krb5_realm = EXAMPLE.COM\n"
msgstr ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
@@ -11338,6 +11978,46 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "Invalider toutes les entrées en cache hors règles sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"L'annulation de tous les enregistrements d'utilisateur. Cette option prend "
+"le pas sur l'invalidation d'un utilisateur spécifique, si elle a été "
+"également configuré."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11346,7 +12026,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Restreindre le processus d'invalidation à un domaine particulier."
@@ -11716,7 +12396,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:37
msgid "CONFIGURATION FILE"
-msgstr ""
+msgstr "FICHIER DE CONFIGURATION"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:39
@@ -11729,7 +12409,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:49
msgid "SSS CONFIGURATION EXTENSION"
-msgstr ""
+msgstr "EXTENSION DE CONFIGURATION SSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:51
@@ -11746,7 +12426,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#: sss_rpcidmapd.5.xml:59
msgid "[sss] config section"
-msgstr ""
+msgstr "Section de configuration [sss]"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss_rpcidmapd.5.xml:61
@@ -11774,7 +12454,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_rpcidmapd.5.xml:85
msgid "SSSD INTEGRATION"
-msgstr ""
+msgstr "INTÉGRATION SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:87
@@ -11808,6 +12488,18 @@ msgid ""
"[Translation]\n"
"Method = sss\n"
msgstr ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_rpcidmapd.5.xml:100
@@ -11828,6 +12520,9 @@ msgid ""
"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
@@ -11872,13 +12567,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> peut être configuré pour utiliser "
@@ -11889,15 +12593,17 @@ msgstr ""
"manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
" AuthorizedKeysCommandUser nobody\n"
msgstr ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11907,31 +12613,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Si <quote>PubkeyAgent</quote> est pris en charge, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> peut être configuré pour l'utiliser en utilisant la directive "
-"suivante de la configuration de <citerefentry><refentrytitle>sshd</"
-"refentrytitle> <manvolnum>8</manvolnum></citerefentry> : <placeholder type="
-"\"programlisting\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11939,12 +12622,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "CODE RETOUR"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -12145,7 +12828,7 @@ msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#: include/failover.xml:2
msgid "FAILOVER"
-msgstr "BASCULEMENT"
+msgstr "BASCULE"
#. type: Content of: <refsect1><para>
#: include/failover.xml:4
@@ -12153,13 +12836,13 @@ msgid ""
"The failover feature allows back ends to automatically switch to a different "
"server if the current server fails."
msgstr ""
-"La fonctionnalité de basculement autorise le moteur à basculer "
-"automatiquement sur un serveur différent si le serveur actuel est défaillant."
+"La fonctionnalité de bascule autorise le moteur à basculer automatiquement "
+"sur un serveur différent si le serveur actuel est défaillant."
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:8
msgid "Failover Syntax"
-msgstr "Syntaxe de basculement"
+msgstr "Syntaxe de bascule"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:10
@@ -12184,7 +12867,7 @@ msgid ""
"periodically try to reconnect to one of the primary servers. If it succeeds, "
"it will replace the current active (backup) server."
msgstr ""
-"Pour chaque option de configuration alors que le basculement est activé, il "
+"Pour chaque option de configuration alors que la bascule est activée, il "
"existe deux variantes : <emphasis>primary</emphasis> et <emphasis>backup</"
"emphasis>. L'idée est que les serveurs dans la liste principale sont "
"préférés et les serveurs de secours sont interrogés uniquement si aucun "
@@ -12196,7 +12879,7 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><title>
#: include/failover.xml:27
msgid "The Failover Mechanism"
-msgstr "Mécanisme de basculement"
+msgstr "Mécanisme de bascule"
#. type: Content of: <refsect1><refsect2><para>
#: include/failover.xml:29
@@ -12211,7 +12894,7 @@ msgid ""
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
msgstr ""
-"Le mécanisme de basculement fait la distinction entre une machine et d'un "
+"Le mécanisme de bascule fait la distinction entre une machine et d'un "
"service. Le moteur tente d'abord de résoudre le nom d'hôte d'un ordinateur "
"donné ; en cas d'échec de cette tentative de résolution, la machine est "
"considérée comme hors ligne. Aucune autre tentative n'est faite pour se "
@@ -12460,7 +13143,7 @@ msgstr ""
"<quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Par défaut : 200000"
@@ -12528,11 +13211,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -12540,12 +13224,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -12556,22 +13240,22 @@ msgstr ""
"passer par l'algorithme murmurhash décrit ci-dessus."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (chaîne)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Spécifier le nom de domaine par défaut."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (boolean)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -12581,7 +13265,7 @@ msgstr ""
"quote> de winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -12591,7 +13275,7 @@ msgstr ""
"domaine supplémentaire."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -12606,13 +13290,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> pour garantir qu'au moins un "
"domaine est systématiquement alloué à la tranche zéro."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "SID bien connus"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -12621,51 +13328,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Null Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "World Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Local Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Creator Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "NT Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Built-in"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13166,3 +13873,22 @@ msgstr "Par défaut : /home"
#~ msgid "Default: ou"
#~ msgstr "Par défaut : ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Si <quote>PubkeyAgent</quote> est pris en charge, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> peut être configuré pour l'utiliser en "
+#~ "utilisant la directive suivante de la configuration de "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> : <placeholder type=\"programlisting\" id=\"0\"/"
+#~ ">"
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index f004980b5..cdfb8984b 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,7 +10,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -66,7 +66,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -87,11 +87,11 @@ msgstr ""
"するようグループを変更します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "オプション"
@@ -241,95 +241,112 @@ msgstr "debug_level (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "初期値: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "初期値: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "初期値: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "特別セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "[sssd] セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "セクションのパラメーター"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -338,18 +355,18 @@ msgstr ""
"ジョン 2 を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr "sssd 自身が開始するときに開始されるサービスのカンマ区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -358,12 +375,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -372,17 +389,17 @@ msgstr ""
"める前に試行する回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "初期値: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -392,19 +409,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -412,12 +429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -428,39 +445,39 @@ msgstr ""
"manvolnum> </citerefentry> 互換形式。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "ユーザー名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -469,19 +486,19 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -494,7 +511,7 @@ msgstr ""
"フォールバックします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -505,7 +522,7 @@ msgstr ""
"です"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -514,7 +531,7 @@ msgstr ""
"トフォームにおいては偽です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -523,12 +540,12 @@ msgstr ""
"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -537,7 +554,7 @@ msgstr ""
"クトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -546,7 +563,7 @@ msgstr ""
"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -555,29 +572,29 @@ msgstr ""
"ければ __LIBKRB5_DEFAULTS__ です)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -587,7 +604,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -597,20 +614,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "初期値: 設定されません"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -620,7 +637,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -629,12 +646,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -650,12 +756,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "サービスセクション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -667,22 +773,22 @@ msgstr ""
"ば、NSS サービスは <quote>[nss]</quote> セクションです"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "サービス設定の全体オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -692,17 +798,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -713,19 +819,19 @@ msgstr ""
"避けるために制限されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "初期値: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -735,12 +841,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -748,89 +854,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "初期値: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -838,12 +892,12 @@ msgstr ""
"きます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -852,17 +906,17 @@ msgstr ""
"要求)。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "初期値: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -873,7 +927,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -888,7 +942,7 @@ msgstr ""
"とをブロックする必要がありません。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -901,17 +955,17 @@ msgstr ""
"(0 はこの機能を無効にします)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "初期値: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -922,22 +976,55 @@ msgstr ""
"せ)をキャッシュする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "初期値: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"nss_sss が再びバックエンドに問い合わせる前にネガティブキャッシュヒット(つま"
+"り、存在しないドメインのように、無効なデータベースエントリーに対する問い合わ"
+"せ)をキャッシュする秒数を指定します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"sss NSS データベースから取り出されたものから特定のユーザーを除外します。これ"
"はとくにシステムアカウントに対して有効です。このオプションはドメインごとに設"
@@ -945,17 +1032,26 @@ msgstr ""
"飾名を含めることができます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "初期値: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -963,12 +1059,12 @@ msgstr ""
"ションを偽に設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -977,7 +1073,7 @@ msgstr ""
"ホームディレクトリーの標準テンプレートを設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -985,7 +1081,7 @@ msgstr ""
"同じです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -995,23 +1091,23 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1019,17 +1115,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1037,13 +1133,13 @@ msgstr ""
"す:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1052,7 +1148,7 @@ msgstr ""
"ば、shell_fallback パラメーターの値を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1061,12 +1157,12 @@ msgstr ""
"ば、nologin シェルが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1074,12 +1170,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "シェルの空文字列は libc にそのまま渡されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1089,27 +1185,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1117,65 +1213,72 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "初期値: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "初期値: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1186,24 +1289,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "PAM 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1212,12 +1315,12 @@ msgstr ""
"ために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1226,17 +1329,17 @@ msgstr ""
"ラインログインの最終成功からの日数)です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1244,12 +1347,12 @@ msgstr ""
"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1258,7 +1361,7 @@ msgstr ""
"渡される分単位の時間です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1269,17 +1372,17 @@ msgstr ""
"効にできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "初期値: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1288,42 +1391,42 @@ msgstr ""
"きいほどメッセージが表示されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "現在 sssd は以下の値をサポートします:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "初期値: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1333,7 +1436,7 @@ msgstr ""
"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1346,17 +1449,17 @@ msgstr ""
"アプリケーションごとに)制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1366,119 +1469,191 @@ msgstr ""
"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "初期値: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "初期値: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "ldap_ns_account_lock (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "ldap_ns_account_lock (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "初期値: 偽"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "SUDO 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1489,12 +1664,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1503,22 +1678,22 @@ msgstr ""
"を評価するかしないかです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Autofs 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1529,72 +1704,72 @@ msgstr ""
"ヒットする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "SSH 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "これらのオプションは SSH サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "初期値: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "初期値: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1606,7 +1781,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1617,24 +1792,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1642,12 +1817,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1655,18 +1830,32 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "ドメインセクション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1675,7 +1864,7 @@ msgstr ""
"トリーを含む場合、それは無視されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1687,24 +1876,24 @@ msgstr ""
"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1713,22 +1902,22 @@ msgstr ""
"必要があります:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = ユーザーとグループが列挙されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = このドメインに対して列挙しません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "初期値: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1740,7 +1929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1749,7 +1938,7 @@ msgstr ""
"れが完了するまで結果を返しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1762,39 +1951,39 @@ msgstr ""
"てください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1803,12 +1992,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1817,7 +2006,7 @@ msgstr ""
"数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1828,17 +2017,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "初期値: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1847,19 +2036,19 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "初期値: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1868,12 +2057,12 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1882,12 +2071,12 @@ msgstr ""
"有効であると考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1896,94 +2085,94 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "初期値: 0 (無効)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
"を決めます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1991,24 +2180,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2020,17 +2209,17 @@ msgstr ""
"offline_credentials_expiration と同等以上でなければいけません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2039,17 +2228,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "初期値: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2057,17 +2246,17 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: レガシーな NSS プロバイダーのサポート"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: ローカルユーザー向け SSSD 内部プロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2078,8 +2267,8 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2092,8 +2281,8 @@ msgstr ""
"い。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2104,12 +2293,12 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2118,7 +2307,7 @@ msgstr ""
"名形式により整形されたように) を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2131,7 +2320,7 @@ msgstr ""
"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2139,22 +2328,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2166,7 +2355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2174,12 +2363,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2188,7 +2377,7 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2199,7 +2388,7 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2210,19 +2399,19 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> は明示的に認証を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2231,12 +2420,12 @@ msgstr ""
"ならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2247,7 +2436,7 @@ msgstr ""
"えます)。内部の特別プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2256,12 +2445,12 @@ msgstr ""
"ロバイダーのみアクセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2274,17 +2463,44 @@ msgstr ""
"citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> は Kerberos 認証向けです。Kerberos の設定に関する詳細は "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+"<quote>proxy</quote> はいくつかの他の PAM ターゲットにパスワードの変更を中継"
+"します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "初期値: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2293,7 +2509,7 @@ msgstr ""
"パスワード変更プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2304,7 +2520,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2315,7 +2531,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -2323,12 +2539,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2337,19 +2553,19 @@ msgstr ""
"うことができるならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
"は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2360,33 +2576,33 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2397,12 +2613,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2410,7 +2626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2418,31 +2634,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2450,7 +2666,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2459,17 +2675,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2477,7 +2693,7 @@ msgstr ""
"プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2488,7 +2704,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2499,17 +2715,33 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーに保存されているマップを読み込みます。IPA "
+"の設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2518,7 +2750,7 @@ msgstr ""
"hostid プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2529,12 +2761,12 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2544,7 +2776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2553,29 +2785,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "domain\\username"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2586,7 +2818,7 @@ msgstr ""
"everything after that\" に解釈されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2594,7 +2826,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2603,17 +2835,17 @@ msgstr ""
"Python 構文 (?P&lt;name&gt;) のみをサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "初期値: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2622,46 +2854,46 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "サポートする値:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "初期値: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2672,18 +2904,18 @@ msgstr ""
"ドにて操作を継続します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "初期値: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -2692,52 +2924,52 @@ msgstr ""
"イン部分を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "プライマリー GID の値を指定されたもので上書きします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2745,7 +2977,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2753,41 +2985,87 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (論理値)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "サブドメインのフラット (NetBIOS) 名。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2797,37 +3075,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
"値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "初期値: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2835,12 +3113,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2848,7 +3126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2859,17 +3137,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "中継するプロキシターゲット PAM です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -2878,12 +3156,12 @@ msgstr ""
"をここに追加する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2893,8 +3171,22 @@ msgstr ""
"おいて検索する NSS 関数は _nss_$(libName)_$(function) の形式です。たとえば "
"_nss_files_getpwent です。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -2903,12 +3195,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "ローカルドメインのセクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2919,27 +3211,27 @@ msgstr ""
"メインに対する設定を含みます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "初期値: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -2948,17 +3240,17 @@ msgstr ""
"ホームディレクトリーとして使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "初期値: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -2967,17 +3259,17 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "初期値: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -2986,12 +3278,12 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3002,17 +3294,17 @@ msgstr ""
"manvolnum> </citerefentry> により使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "初期値: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3025,17 +3317,17 @@ msgstr ""
"を含む、スケルトンディレクトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "初期値: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3046,17 +3338,17 @@ msgstr ""
"が使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "初期値: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3067,19 +3359,19 @@ msgstr ""
"せん。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "例"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3133,7 +3425,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3194,7 +3486,7 @@ msgstr ""
"オプションを参照してください。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "設定オプション"
@@ -3301,8 +3593,8 @@ msgstr ""
"な LDAP 検索フィルターである必要があります。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "例:"
@@ -3599,14 +3891,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "初期値: modifyTimestamp"
@@ -4048,8 +4340,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "初期値: cn"
@@ -4265,11 +4557,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4280,7 +4591,7 @@ msgstr ""
"のオプションは RFC2307 スキーマにおいて効果がありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4290,26 +4601,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "初期値: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4317,14 +4629,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4332,7 +4644,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4340,19 +4652,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "初期値: 偽"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4360,81 +4666,81 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "初期値: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "ネットワークグループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "初期値: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -4442,90 +4748,90 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "初期値: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "初期値: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "初期値: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "初期値: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4533,7 +4839,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4544,12 +4850,12 @@ msgstr ""
"かもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4557,12 +4863,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4578,12 +4884,12 @@ msgstr ""
"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4592,12 +4898,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4606,17 +4912,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "初期値: 900 (15 分)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -4625,17 +4931,17 @@ msgstr ""
"バーは 1 要求あたりの最大数の制限を強制します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "初期値: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4646,7 +4952,7 @@ msgstr ""
"ことを報告する場合に、このオプションが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -4656,7 +4962,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4667,17 +4973,17 @@ msgstr ""
"があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Active Directory の範囲の取得を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4687,12 +4993,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4700,17 +5006,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4718,13 +5024,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4733,7 +5039,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4741,12 +5047,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -4755,7 +5061,7 @@ msgstr ""
"クするものを指定します。以下の値のうち 1 つを指定できます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4764,7 +5070,7 @@ msgstr ""
"確認しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4775,7 +5081,7 @@ msgstr ""
"無視され、セッションが通常通り進められます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4786,7 +5092,7 @@ msgstr ""
"ンが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4796,22 +5102,22 @@ msgstr ""
"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "初期値: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -4821,7 +5127,7 @@ msgstr ""
"書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -4830,12 +5136,12 @@ msgstr ""
"filename> にあります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4848,32 +5154,32 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "クライアントのキーを含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4881,12 +5187,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -4895,12 +5201,12 @@ msgstr ""
"用する必要がある id_provider 接続を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4908,18 +5214,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4930,17 +5236,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -4949,12 +5255,12 @@ msgstr ""
"れます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4963,17 +5269,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "初期値: host/hostname@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4981,17 +5287,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "初期値: krb5_realm の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5000,33 +5306,33 @@ msgstr ""
"するために逆引きを実行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "初期値: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5037,27 +5343,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5069,7 +5375,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5080,7 +5386,7 @@ msgstr ""
"ば _tcp にフォールバックします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5091,27 +5397,27 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5120,12 +5426,12 @@ msgstr ""
"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5135,7 +5441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5146,12 +5452,12 @@ msgstr ""
"manvolnum> </citerefentry> マニュアルページを参照ください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5160,7 +5466,7 @@ msgstr ""
"す。以下の値が許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5169,7 +5475,7 @@ msgstr ""
"ンはサーバー側のパスワードポリシーを無効にできません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5180,7 +5486,7 @@ msgstr ""
"manvolnum></citerefentry> 形式の属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5191,24 +5497,24 @@ msgstr ""
"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "自動参照追跡が有効化されるかを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5217,7 +5523,7 @@ msgstr ""
"sssd のみが参照追跡をサポートすることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5226,28 +5532,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "初期値: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5256,29 +5562,29 @@ msgstr ""
"を検索するために使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5294,12 +5600,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "例:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5308,14 +5614,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5328,17 +5634,17 @@ msgstr ""
"た同様です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "初期値: 空白"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5347,7 +5653,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5358,12 +5664,12 @@ msgstr ""
"否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "以下の値が許可されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5372,7 +5678,7 @@ msgstr ""
"ldap_user_shadow_expire の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5381,7 +5687,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5392,7 +5698,7 @@ msgstr ""
"ldap_ns_account_lock の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5405,7 +5711,7 @@ msgstr ""
"クセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5413,23 +5719,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5439,14 +5745,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5459,12 +5765,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5474,7 +5780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5484,20 +5790,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -5506,30 +5812,30 @@ msgstr ""
"authorizedService 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "初期値: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr "値が複数使用されていると設定エラーになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5538,22 +5844,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -5562,12 +5868,12 @@ msgstr ""
"ションが許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -5576,7 +5882,7 @@ msgstr ""
"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -5585,7 +5891,7 @@ msgstr ""
"すときのみ参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -5594,7 +5900,7 @@ msgstr ""
"きも位置を検索するときも参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -5603,19 +5909,19 @@ msgstr ""
"して取り扱われます)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5626,7 +5932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5634,26 +5940,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5673,12 +5979,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5686,52 +5992,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "初期値: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "sudo ルール名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "コマンド名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "初期値: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -5740,17 +6046,17 @@ msgstr ""
"クグループ)に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "初期値: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -5759,49 +6065,49 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "初期値: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "sudo オプションに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "初期値: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "初期値: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -5809,34 +6115,34 @@ msgstr ""
"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "初期値: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "初期値: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -5845,39 +6151,39 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "初期値: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "初期値: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -5886,17 +6192,17 @@ msgstr ""
"ります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "初期値: 21600 (6 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5904,31 +6210,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -5937,15 +6243,15 @@ msgstr ""
"区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -5954,17 +6260,17 @@ msgstr ""
"ならば、このオプションは効果を持ちません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "初期値: 指定なし"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -5973,7 +6279,7 @@ msgstr ""
"アドレスの空白区切り一覧です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -5981,31 +6287,31 @@ msgstr ""
"このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6017,71 +6323,71 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "LDAP における automount のマップエントリーの名前です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6094,19 +6400,19 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6115,24 +6421,24 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "初期値: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6141,32 +6447,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "高度なオプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6175,22 +6481,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6199,7 +6505,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6210,7 +6516,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6223,26 +6529,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6258,13 +6564,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "注記"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6305,11 +6611,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -6320,22 +6627,22 @@ msgstr ""
"て LOG_AUTHPRIV ファシリティでログ記録されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "不明なユーザーのログメッセージを抑制します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -6344,12 +6651,12 @@ msgstr ""
"るために、入力されたパスワードがスタックに置かれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -6360,12 +6667,12 @@ msgstr ""
"い、またはパスワードが適切でなければ、ユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -6374,12 +6681,12 @@ msgstr ""
"クされたパスワードモジュールに設定します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -6388,7 +6695,7 @@ msgstr ""
"せます。初期値は 0 です。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -6400,36 +6707,36 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -6437,7 +6744,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -6446,13 +6753,46 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "提供されるモジュール形式"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -6461,12 +6801,12 @@ msgstr ""
"<option>password</option> および <option>session</option>) が提供されます。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ファイル"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -6477,7 +6817,7 @@ msgstr ""
"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -6489,7 +6829,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6681,7 +7021,7 @@ msgstr ""
"ンの中のグループのみに適用されます。ローカルグループは評価されません。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6862,7 +7202,7 @@ msgstr ""
"使用される完全修飾名を反映しないマシンにおいて設定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (論理値)"
@@ -6870,14 +7210,14 @@ msgstr "dyndns_update (論理値)"
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6895,12 +7235,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6921,12 +7261,12 @@ msgid "Default: 1200 (seconds)"
msgstr "初期値: 1200 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6952,7 +7292,7 @@ msgid ""
msgstr "初期値: IPA LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6962,7 +7302,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "DNS サイトの有効化 - 位置情報に基づいたサービス探索。"
@@ -6979,12 +7319,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6992,12 +7332,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7016,12 +7356,12 @@ msgid "Default: False (disabled)"
msgstr "初期値: False (無効)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7030,40 +7370,40 @@ msgstr ""
"どうか。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -7184,7 +7524,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -7273,26 +7613,26 @@ msgstr ""
"ンを使用すると設定エラーになります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -7311,7 +7651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
@@ -7615,13 +7955,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7631,15 +7972,28 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "IPA provider can also be used as an access and chpass provider. As an "
+#| "access provider it uses HBAC (host-based access control) rules. Please "
+#| "refer to freeipa.org for more information about HBAC. No configuration of "
+#| "access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
+"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
+"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
+"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
+"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
+"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7649,7 +8003,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7662,7 +8016,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7670,12 +8024,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -7684,7 +8038,7 @@ msgstr ""
"ければ、設定のドメイン名が使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -7693,25 +8047,30 @@ msgstr ""
"ンの小文字バージョンとして指定されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"SSSD が接続したい AD サーバー(優先順)のホスト名のカンマ区切り一覧です。"
"フェールオーバーおよびサーバー冗長化に関する詳細は <quote>FAILOVER</quote> セ"
@@ -7719,13 +8078,27 @@ msgstr ""
"す。サービス探索の詳細は <quote>SERVICE DISCOVERY</quote> セクションを参照し"
"てください。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7735,7 +8108,7 @@ msgstr ""
"全修飾名を反映しないマシンにおいてマシンに設定されるかもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -7744,12 +8117,12 @@ msgstr ""
"されます。キーテーブルが発行されたホスト名と一致する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7760,12 +8133,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7774,7 +8147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7783,7 +8156,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7792,14 +8165,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7808,7 +8181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7823,29 +8196,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7854,7 +8227,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7863,12 +8236,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7878,14 +8251,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7898,23 +8271,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7922,22 +8295,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7945,12 +8318,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7958,14 +8331,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7973,7 +8346,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7985,53 +8358,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -8039,7 +8437,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -8047,7 +8445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -8055,7 +8453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8067,17 +8465,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -8085,7 +8488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -8093,7 +8496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -8101,7 +8504,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8113,22 +8516,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -8136,14 +8539,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -8151,7 +8554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8163,17 +8566,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -8181,14 +8584,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -8196,7 +8599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -8207,19 +8610,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -8227,7 +8630,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -8239,34 +8642,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -8274,12 +8682,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -8292,52 +8700,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "初期値: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "初期値: 86400 (24 時間)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -8348,12 +8798,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "初期値: 3600 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -8362,17 +8812,17 @@ msgid ""
msgstr "初期値: AD の LDAP 接続の IP アドレスを使用します"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "初期値: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -8382,7 +8832,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8393,7 +8843,7 @@ msgstr ""
"AD プロバイダー固有のオプションのみ示してします。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -8417,7 +8867,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -8429,7 +8879,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -8437,7 +8887,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -8446,6 +8896,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8955,7 +9413,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr "解読しにくくするパスワードが標準入力から読み込まれます。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -9029,17 +9487,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -9047,50 +9510,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9098,29 +9597,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -9128,41 +9627,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "グループのプロパティーを表示します"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -9170,43 +9702,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -10519,6 +11051,45 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "sudo ルール以外のすべてのキャッシュ項目を無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -10527,7 +11098,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "無効化プロセスを特定のドメインのみに制限します。"
@@ -11029,13 +11600,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> は、 <quote>AuthorizedKeysCommand</quote> または "
@@ -11045,7 +11625,7 @@ msgstr ""
"<command>sss_ssh_authorizedkeys</command> を使用するために設定できます。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -11053,7 +11633,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -11063,31 +11643,8 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"<quote>PubkeyAgent</quote> がサポートされていると、 "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> は <citerefentry> <refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> 設定に以下のディレクティブを置くこと"
-"により、これを使用するために設定できます: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -11095,12 +11652,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "終了コード"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -11531,7 +12088,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "初期値: 200000"
@@ -11592,11 +12149,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -11604,12 +12162,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -11617,22 +12175,22 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (文字列)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "初期ドメインの名前を指定します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (論理値)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -11641,7 +12199,7 @@ msgstr ""
"ために ID マッピングのアルゴリズムの振る舞いを変更します。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -11650,7 +12208,7 @@ msgstr ""
"ンに単原子的に増加するよう割り当てられます。"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -11664,13 +12222,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> オプションも使用することが推奨さ"
"れます。"
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -11679,51 +12260,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -12130,3 +12711,21 @@ msgstr ""
#~ msgid "Default: ou"
#~ msgstr "初期値: ou"
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "<quote>PubkeyAgent</quote> がサポートされていると、 "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> は <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> 設定に以下のディレ"
+#~ "クティブを置くことにより、これを使用するために設定できます: <placeholder "
+#~ "type=\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/lv.po b/src/man/po/lv.po
index 561cc983a..db3e522ed 100644
--- a/src/man/po/lv.po
+++ b/src/man/po/lv.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
@@ -20,7 +20,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : "
"2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -63,7 +63,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -82,11 +82,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "IESPĒJAS"
@@ -217,113 +217,130 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "debug (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Noklusējuma: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "pakalpojumi"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -332,29 +349,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domēni"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -364,19 +381,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -384,12 +401,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -397,58 +414,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -457,7 +474,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -465,69 +482,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -537,7 +554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -547,20 +564,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -570,7 +587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -579,12 +596,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -595,12 +697,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -609,22 +711,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -634,17 +736,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -652,19 +754,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Noklusējuma: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -674,12 +776,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -687,117 +789,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -805,7 +855,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -815,7 +865,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -824,17 +874,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -842,60 +892,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Noklusējuma: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -903,23 +981,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -927,47 +1005,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -975,103 +1053,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Noklusējuma: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1082,72 +1167,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Noklusējuma: 0 (bez ierobežojuma)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1155,59 +1240,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Noklusējuma: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1215,7 +1300,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1224,17 +1309,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1242,119 +1327,185 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1365,34 +1516,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1400,70 +1551,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Noklusējuma: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1475,7 +1626,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1486,24 +1637,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1511,12 +1662,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1524,25 +1675,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "noildze (vesels skaitlis)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1551,46 +1716,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1602,14 +1767,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1618,39 +1783,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1659,19 +1824,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1682,151 +1847,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1834,24 +1999,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1860,17 +2025,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Noklusējuma: 0 (neierobežots)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1879,33 +2044,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1913,8 +2078,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1923,8 +2088,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1932,19 +2097,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1953,7 +2118,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1961,22 +2126,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1988,7 +2153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1996,19 +2161,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2016,7 +2181,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2024,30 +2189,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2055,19 +2220,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2076,24 +2241,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Noklusējuma: <quote>atļaut</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2101,7 +2279,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2109,35 +2287,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2145,32 +2323,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2181,12 +2359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2194,7 +2372,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2202,31 +2380,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2234,7 +2412,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2243,23 +2421,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2267,7 +2445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2275,24 +2453,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2300,12 +2486,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2315,7 +2501,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2324,29 +2510,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2354,7 +2540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2362,66 +2548,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Atbalstītās vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2429,70 +2615,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Noklusējuma: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2500,7 +2686,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2508,41 +2694,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2552,36 +2782,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2589,12 +2819,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2602,7 +2832,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2610,49 +2840,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2660,73 +2904,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Noklusējuma: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2734,17 +2978,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Noklusējuma: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2753,17 +2997,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Noklusējuma: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2771,17 +3015,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Noklusējuma: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2789,19 +3033,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "PIEMĒRS"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2831,7 +3075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2877,7 +3121,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "KONFIGURĒŠANAS IESPĒJAS"
@@ -2977,8 +3221,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3267,14 +3511,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3669,8 +3913,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3874,19 +4118,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3896,26 +4157,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3923,14 +4185,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3938,7 +4200,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3946,19 +4208,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3966,168 +4222,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4135,7 +4391,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4143,12 +4399,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4156,12 +4412,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4172,12 +4428,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4186,12 +4442,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4200,34 +4456,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4235,14 +4491,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4250,17 +4506,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4270,12 +4526,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4283,17 +4539,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4301,13 +4557,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4316,7 +4572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4324,26 +4580,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4351,7 +4607,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4359,7 +4615,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4367,41 +4623,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4410,32 +4666,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4443,24 +4699,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4468,17 +4724,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4489,29 +4745,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4520,17 +4776,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4538,49 +4794,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4588,27 +4844,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Noklusējuma: 86400 (24 stundas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4620,7 +4876,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4628,7 +4884,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4636,39 +4892,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4678,7 +4934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4686,26 +4942,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4713,7 +4969,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4721,31 +4977,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4754,56 +5010,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Noklusējuma: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4819,12 +5075,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Piemērs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4833,14 +5089,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4849,24 +5105,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4874,19 +5130,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Atļautas šādas vērtības:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4895,7 +5151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4903,7 +5159,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4912,7 +5168,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4920,22 +5176,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4945,14 +5201,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4965,12 +5221,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4980,7 +5236,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4990,49 +5246,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Noklusējuma: filtrēt"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5041,74 +5297,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5119,7 +5375,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5127,26 +5383,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "noildze (vesels skaitlis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5161,12 +5417,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5174,208 +5430,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5383,101 +5639,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5486,110 +5742,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: posixAccount"
msgid "Default: automount"
msgstr "Noklusējuma: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5598,32 +5854,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "PAPLAŠINĀTĀS IESPĒJAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5632,22 +5888,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5656,7 +5912,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5664,7 +5920,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5677,26 +5933,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5712,13 +5968,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "PIEZĪMES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5753,11 +6009,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5765,34 +6022,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5800,31 +6057,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5832,36 +6089,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5869,7 +6126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5878,25 +6135,58 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5904,7 +6194,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5916,7 +6206,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6075,7 +6365,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6223,7 +6513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6231,14 +6521,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6253,12 +6543,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6279,12 +6569,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6308,7 +6598,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6318,7 +6608,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6335,12 +6625,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6348,12 +6638,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6372,50 +6662,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6525,7 +6815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6599,26 +6889,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6637,7 +6927,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6935,13 +7225,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6951,15 +7242,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6967,7 +7258,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6980,7 +7271,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6988,53 +7279,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7042,19 +7345,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7065,12 +7368,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7079,7 +7382,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7088,7 +7391,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7097,14 +7400,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7113,7 +7416,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7128,29 +7431,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7159,7 +7462,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7168,12 +7471,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7183,14 +7486,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7203,23 +7506,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7227,22 +7530,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7250,12 +7553,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7263,14 +7566,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7278,7 +7581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7290,53 +7593,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7344,7 +7672,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7352,7 +7680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7360,7 +7688,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7372,17 +7700,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7390,7 +7723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7398,7 +7731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7406,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7418,22 +7751,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7441,14 +7774,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7456,7 +7789,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7468,17 +7801,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7486,14 +7819,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7501,7 +7834,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7512,19 +7845,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7532,7 +7865,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7544,34 +7877,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7579,12 +7917,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7597,52 +7935,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Noklusējuma: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Noklusējuma: 86400 (24 stundas)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7653,36 +8033,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7690,7 +8070,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7705,7 +8085,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7714,7 +8094,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7722,7 +8102,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7731,6 +8111,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8189,7 +8577,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8250,17 +8638,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8268,50 +8661,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8319,29 +8742,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8349,39 +8772,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8389,41 +8841,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "KONFIGURĒŠANAS IESPĒJAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9565,12 +10017,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10050,13 +10526,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10064,7 +10540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10074,36 +10550,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10490,7 +10949,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10547,11 +11006,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10559,12 +11019,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10572,36 +11032,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10610,13 +11070,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10625,51 +11106,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 05d32b43c..1c7fcf441 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -85,11 +85,11 @@ msgstr ""
"die via de opdrachtregel ingegeven zijn."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPTIES"
@@ -240,95 +240,112 @@ msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SPECIALE SECTIES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Sectie parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -337,19 +354,19 @@ msgstr ""
"gebruiken versie 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "diensten"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -358,12 +375,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -372,17 +389,17 @@ msgstr ""
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -392,19 +409,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -412,12 +429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -425,58 +442,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -489,7 +506,7 @@ msgstr ""
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -500,7 +517,7 @@ msgstr ""
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -509,7 +526,7 @@ msgstr ""
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -519,12 +536,12 @@ msgstr ""
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -533,43 +550,43 @@ msgstr ""
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -579,7 +596,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -589,20 +606,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -612,7 +629,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -621,12 +638,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -637,12 +741,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -651,22 +755,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -676,17 +780,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -694,19 +798,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -716,12 +820,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -729,89 +833,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -819,12 +871,12 @@ msgstr ""
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -833,17 +885,17 @@ msgstr ""
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -851,7 +903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -861,7 +913,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -870,17 +922,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -888,60 +940,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "entry_negative_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -949,23 +1029,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -973,47 +1053,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1021,103 +1101,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1128,72 +1215,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1201,59 +1288,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1261,7 +1348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1270,17 +1357,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1288,119 +1375,187 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Standaard: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1411,34 +1566,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1446,68 +1601,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1519,7 +1674,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1530,24 +1685,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1555,12 +1710,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1568,25 +1723,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1595,46 +1764,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1646,14 +1815,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1662,39 +1831,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1703,19 +1872,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1726,151 +1895,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1878,24 +2047,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1904,17 +2073,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1923,33 +2092,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1957,8 +2126,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1967,8 +2136,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1976,19 +2145,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1997,7 +2166,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2005,22 +2174,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2032,7 +2201,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2040,19 +2209,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2060,7 +2229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2068,30 +2237,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2099,19 +2268,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2120,24 +2289,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2145,7 +2327,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2153,35 +2335,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2189,32 +2371,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2225,12 +2407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2238,7 +2420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2246,31 +2428,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2278,7 +2460,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2287,23 +2469,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2311,7 +2493,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2319,24 +2501,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2344,12 +2534,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2359,7 +2549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2368,29 +2558,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2401,7 +2591,7 @@ msgstr ""
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2409,7 +2599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2418,59 +2608,59 @@ msgstr ""
"(?P&lt;name&gt;) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2478,70 +2668,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2549,7 +2739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2557,41 +2747,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2601,36 +2835,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2638,12 +2872,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2651,7 +2885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2659,49 +2893,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2709,73 +2957,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2783,17 +3031,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2802,17 +3050,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2820,17 +3068,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2838,19 +3086,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2880,7 +3128,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2926,7 +3174,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -3026,8 +3274,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3316,14 +3564,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3718,8 +3966,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3923,19 +4171,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3945,26 +4210,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3972,14 +4238,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3987,7 +4253,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3995,19 +4261,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4015,168 +4275,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4184,7 +4444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4192,12 +4452,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4205,12 +4465,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4221,12 +4481,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4235,12 +4495,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4249,34 +4509,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4284,14 +4544,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4299,17 +4559,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4319,12 +4579,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4332,17 +4592,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4350,13 +4610,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4365,7 +4625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4373,26 +4633,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4400,7 +4660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4408,7 +4668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4416,41 +4676,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4459,32 +4719,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4492,24 +4752,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4517,17 +4777,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4538,29 +4798,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4569,17 +4829,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4587,49 +4847,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4637,27 +4897,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4669,7 +4929,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4677,7 +4937,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4685,39 +4945,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4727,7 +4987,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4735,26 +4995,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4762,7 +5022,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4770,31 +5030,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4803,56 +5063,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4868,12 +5128,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4882,14 +5142,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4898,24 +5158,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4923,19 +5183,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4944,7 +5204,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4952,7 +5212,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4961,7 +5221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4969,22 +5229,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4994,14 +5254,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5014,12 +5274,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5029,7 +5289,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5039,49 +5299,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5090,74 +5350,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5168,7 +5428,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5176,26 +5436,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "enum_cache_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5210,12 +5470,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5223,208 +5483,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5432,101 +5692,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5535,110 +5795,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: true"
msgid "Default: automount"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5647,32 +5907,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5681,22 +5941,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5705,7 +5965,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5713,7 +5973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5726,26 +5986,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5761,13 +6021,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5802,11 +6062,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5814,34 +6075,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5849,31 +6110,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5881,36 +6142,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5918,7 +6179,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5927,25 +6188,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5953,7 +6245,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5965,7 +6257,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6124,7 +6416,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6272,7 +6564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6280,14 +6572,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6302,12 +6594,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6328,12 +6620,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6357,7 +6649,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6367,7 +6659,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6384,12 +6676,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6397,12 +6689,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6421,50 +6713,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6574,7 +6866,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6648,26 +6940,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6686,7 +6978,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6984,13 +7276,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7000,15 +7293,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7016,7 +7309,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7029,7 +7322,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7037,53 +7330,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7091,19 +7396,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7114,12 +7419,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7128,7 +7433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7137,7 +7442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7146,14 +7451,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7162,7 +7467,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7177,29 +7482,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7208,7 +7513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7217,12 +7522,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7232,14 +7537,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7252,23 +7557,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7276,22 +7581,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7299,12 +7604,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7312,14 +7617,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7327,7 +7632,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7339,53 +7644,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7393,7 +7723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7401,7 +7731,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7409,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7421,17 +7751,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7439,7 +7774,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7447,7 +7782,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7455,7 +7790,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7467,22 +7802,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7490,14 +7825,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7505,7 +7840,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7517,17 +7852,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7535,14 +7870,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7550,7 +7885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7561,19 +7896,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7581,7 +7916,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7593,34 +7928,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7628,12 +7968,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7646,52 +7986,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7702,36 +8082,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7739,7 +8119,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7754,7 +8134,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7763,7 +8143,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7771,7 +8151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7780,6 +8160,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8238,7 +8626,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8305,17 +8693,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8323,50 +8716,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8374,29 +8797,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8404,39 +8827,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8444,41 +8896,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPTIES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9625,13 +10077,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10111,13 +10599,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10125,7 +10613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10135,36 +10623,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10551,7 +11022,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10608,11 +11079,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10620,12 +11092,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10633,36 +11105,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10671,13 +11143,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10686,51 +11179,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index 67e87ba70..6dbf11906 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -1,4 +1,4 @@
-[po4a_langs] br ca cs de eu es fr ja lv nl pt ru tg uk zh_CN
+[po4a_langs] br ca cs de eu es fr ja lv nl pt pt_BR ru tg uk zh_CN
[po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
[type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
[type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index bf0d7f11a..9722f7c8f 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -64,7 +64,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -85,11 +85,11 @@ msgstr ""
"que são especificadas na linha de comando."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "Opções"
@@ -235,95 +235,112 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "debug (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Padrão: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Padrão: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "SECÇÕES ESPECIAIS"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "A seção [SSSD]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Parâmetros de secção"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -332,12 +349,12 @@ msgstr ""
"versão 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "serviços"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -345,7 +362,7 @@ msgstr ""
"separados por vírgulas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -354,12 +371,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -368,17 +385,17 @@ msgstr ""
"falha do provedor de dados ou reiniciar antes de eles desistirem"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Padrão: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domínios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -388,19 +405,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -408,12 +425,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -421,58 +438,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -481,7 +498,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -489,69 +506,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -561,7 +578,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -571,20 +588,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -594,7 +611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -603,12 +620,99 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "certificate_verification (string)"
+msgstr "re_expression (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -619,12 +723,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -633,22 +737,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -658,17 +762,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -676,19 +780,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Padrão: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -698,12 +802,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -711,117 +815,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Padrão: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -829,7 +881,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -839,7 +891,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -848,17 +900,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Padrão: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -866,60 +918,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "ldap_network_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "ldap_network_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -927,23 +1007,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -951,47 +1031,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -999,103 +1079,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Padrão: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Padrão: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1106,72 +1193,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1179,59 +1266,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Padrão: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1239,7 +1326,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1248,17 +1335,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1266,119 +1353,189 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Padrão: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "ipa_hbac_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1389,34 +1546,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1424,72 +1581,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Padrão: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1501,7 +1658,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1512,24 +1669,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1537,12 +1694,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1550,25 +1707,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "SECÇÕES DE DOMÍNIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1577,46 +1748,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Padrão: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1628,14 +1799,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1644,39 +1815,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1685,19 +1856,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1708,151 +1879,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Padrão: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1860,24 +2031,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1886,17 +2057,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Padrão: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1905,33 +2076,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1939,8 +2110,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1949,8 +2120,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1958,19 +2129,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1979,7 +2150,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1987,22 +2158,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2014,7 +2185,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2022,19 +2193,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2042,7 +2213,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2050,30 +2221,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2081,19 +2252,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2102,24 +2273,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2127,7 +2311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2135,35 +2319,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2171,32 +2355,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2207,12 +2391,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2220,7 +2404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2228,31 +2412,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2260,7 +2444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2269,23 +2453,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2293,7 +2477,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2301,24 +2485,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2326,12 +2518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2341,7 +2533,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2350,29 +2542,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2380,7 +2572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2388,66 +2580,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Default: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2455,70 +2647,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Padrão: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2526,7 +2718,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2534,41 +2726,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2578,36 +2814,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "krb5_auth_timeout (integer)"
msgid "cached_auth_timeout (int)"
msgstr "krb5_auth_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2615,12 +2851,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2628,7 +2864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2636,49 +2872,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "A secção de domínio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2686,73 +2936,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Padrão: <filename>bash/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Padrão: <filename>/ home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2760,17 +3010,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Padrão: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2779,17 +3029,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Padrão: <filename>skel/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2797,17 +3047,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Padrão: <filename>mail/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2815,19 +3065,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "EXEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2881,7 +3131,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2927,7 +3177,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "OPÇÕES DE CONFIGURAÇÃO"
@@ -3027,8 +3277,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Exemplos:"
@@ -3321,14 +3571,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Padrão: modifyTimestamp"
@@ -3723,8 +3973,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Padrão: NC"
@@ -3928,11 +4178,30 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_search_base (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3940,7 +4209,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3950,26 +4219,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3977,14 +4247,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3992,7 +4262,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4000,19 +4270,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4020,168 +4284,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Padrão: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4189,7 +4453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4197,12 +4461,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4210,12 +4474,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4226,12 +4490,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4240,12 +4504,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4254,34 +4518,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Padrão: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4289,14 +4553,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4304,17 +4568,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4324,12 +4588,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4337,17 +4601,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4355,13 +4619,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4370,7 +4634,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4378,19 +4642,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -4399,7 +4663,7 @@ msgstr ""
"qualquer certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4407,7 +4671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4415,7 +4679,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4423,41 +4687,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Padrão: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4466,32 +4730,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4499,24 +4763,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4524,17 +4788,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4545,29 +4809,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4576,17 +4840,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4594,50 +4858,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Padrão: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4645,27 +4909,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4677,7 +4941,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4685,7 +4949,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4693,39 +4957,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4735,7 +4999,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4743,26 +5007,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4770,7 +5034,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4778,31 +5042,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4811,56 +5075,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4876,12 +5140,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4890,14 +5154,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4906,24 +5170,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4931,19 +5195,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4952,7 +5216,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4960,7 +5224,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4969,7 +5233,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4977,22 +5241,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5002,14 +5266,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5022,12 +5286,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5037,7 +5301,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5047,49 +5311,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5098,74 +5362,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5176,7 +5440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5184,26 +5448,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5218,12 +5482,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5231,208 +5495,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5440,101 +5704,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5543,110 +5807,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: none"
msgid "Default: automount"
msgstr "Padrão: none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5655,32 +5919,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "OPÇÕES AVANÇADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5689,22 +5953,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5713,7 +5977,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5721,7 +5985,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5734,26 +5998,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5769,13 +6033,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5810,11 +6074,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5822,34 +6087,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5857,31 +6122,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5889,36 +6154,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5926,7 +6191,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5935,25 +6200,58 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>forward_pass</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>forward_pass</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "MÓDULOS TIPO FORNECIDOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "FICHEIROS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5961,7 +6259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5973,7 +6271,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6132,7 +6430,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6280,7 +6578,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6288,14 +6586,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6310,12 +6608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6336,12 +6634,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6365,7 +6663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6375,7 +6673,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6392,12 +6690,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6405,12 +6703,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6429,52 +6727,52 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "id_provider (string)"
msgid "dyndns_server (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6584,7 +6882,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6658,26 +6956,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6696,7 +6994,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6994,13 +7292,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7010,15 +7309,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -7026,7 +7325,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -7039,7 +7338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -7047,53 +7346,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7101,19 +7412,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7124,12 +7435,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7138,7 +7449,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7147,7 +7458,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7156,14 +7467,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7172,7 +7483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7187,29 +7498,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7218,7 +7529,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7227,12 +7538,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7242,14 +7553,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7262,23 +7573,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7286,22 +7597,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7309,12 +7620,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7322,14 +7633,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7337,7 +7648,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7349,53 +7660,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7403,7 +7739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7411,7 +7747,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7419,7 +7755,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7431,17 +7767,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7449,7 +7790,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7457,7 +7798,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7465,7 +7806,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7477,22 +7818,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7500,14 +7841,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7515,7 +7856,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7527,17 +7868,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7545,14 +7886,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7560,7 +7901,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7571,19 +7912,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7591,7 +7932,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7603,34 +7944,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7638,12 +7984,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7656,52 +8002,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Padrão: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Padrão: 86400 (24 horas)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7712,36 +8100,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7749,7 +8137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7764,7 +8152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7773,7 +8161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7781,7 +8169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7790,6 +8178,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8255,7 +8651,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8327,17 +8723,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8345,50 +8746,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8396,29 +8833,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8426,39 +8863,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8466,41 +8938,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "OPÇÕES DE CONFIGURAÇÃO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -9653,13 +10125,44 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-f</option>,<option>--file</option> <replaceable>FILE</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--recursive</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--recursive</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10139,13 +10642,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10153,7 +10656,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10163,36 +10666,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10579,7 +11065,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10636,11 +11122,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10648,12 +11135,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10661,36 +11148,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10699,13 +11186,36 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10714,51 +11224,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
new file mode 100644
index 000000000..631a5be90
--- /dev/null
+++ b/src/man/po/pt_BR.po
@@ -0,0 +1,11506 @@
+# Marco Aurélio Krause <ouesten@me.com>, 2015. #zanata
+msgid ""
+msgstr ""
+"Project-Id-Version: sssd-docs 1.12.90\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
+"PO-Revision-Date: 2015-10-27 08:16-0400\n"
+"Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
+"Language-Team: Portuguese (Brazil)\n"
+"Language: pt-BR\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Zanata 3.8.4\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
+#: sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5 sss_obfuscate.8.xml:5
+#: sss_override.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
+#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5 sss_cache.8.xml:5
+#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
+#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
+#: sss_ssh_knownhostsproxy.1.xml:5
+msgid "SSSD Manual pages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
+#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11
+#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr "Modificar um grupo"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
+#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
+#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
+#: sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30
+#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29
+#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21
+#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
+msgid "DESCRIPTION"
+msgstr "DESCRIÇÃO"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+msgid "OPTIONS"
+msgstr "OPÇÕES"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
+#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
+msgid "5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
+#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
+msgid "File Formats and Conventions"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+"<replaceable>[section]</replaceable>\n"
+"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues "
+"until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+msgid ""
+"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>). Inline comments are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:47
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:53
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:59
+msgid "GENERAL OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:61
+msgid "Following options are usable in more than one configuration sections."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:65
+msgid "Options usable in all sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:69
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:73
+msgid "debug (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
+"Add a timestamp to the debug messages. If journald is enabled for SSSD "
+"debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:99
+msgid "debug_microseconds (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:102
+msgid ""
+"Add microseconds to the timestamp in debug messages. If journald is enabled "
+"for SSSD debug logging this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
+#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
+#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
+msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:116
+msgid "Options usable in SERVICE and DOMAIN sections"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:120
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:123
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:138
+msgid "SPECIAL SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:141
+msgid "The [sssd] section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
+msgid "Section parameters"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:152
+msgid "config_file_version (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:155
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:161
+msgid "services"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:164
+msgid ""
+"Comma separated list of services that are started when sssd itself starts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:168
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
+"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
+msgid "reconnection_retries (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
+msgid "Default: 3"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:191
+msgid "domains"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:194
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter described the list of domains in the order you want "
+"them to be queried. A domain name should only consist of alphanumeric ASCII "
+"characters, dashes, dots and underscores."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
+msgid "re_expression (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:209
+msgid ""
+"Default regular expression that describes how to parse the string containing "
+"user name and domain into these components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:214
+msgid ""
+"Each domain can have an individual regular expression configured. For some "
+"ID providers there are also default regular expressions. See DOMAIN "
+"SECTIONS for more info on these regular expressions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
+msgid "full_name_format (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry>-compatible format that describes how to compose a "
+"fully qualified name from user name and domain name components."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
+msgid "%1$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
+msgid "user name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
+msgid "%2$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
+msgid "domain name as specified in the SSSD config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
+msgid "%3$s"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
+msgid ""
+"domain flat name. Mostly usable for Active Directory domains, both directly "
+"configured or discovered via IPA trusts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
+msgid ""
+"The following expansions are supported: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:263
+msgid ""
+"Each domain can have an individual format string configured. see DOMAIN "
+"SECTIONS for more info on this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:269
+msgid "try_inotify (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:272
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:280
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:286
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:290
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:297
+msgid "krb5_rcache_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:300
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:304
+msgid ""
+"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
+"SSSD to let libkrb5 decide the appropriate location for the replay cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:310
+msgid ""
+"Default: Distribution-specific and specified at build-time. "
+"(__LIBKRB5_DEFAULTS__ if not configured)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:317
+msgid "user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:320
+msgid ""
+"The user to drop the privileges to where appropriate to avoid running as the "
+"root user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:325
+msgid "Default: not set, process will run as root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:330
+msgid "default_domain_suffix (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:333
+msgid ""
+"This string will be used as a default domain name for all names without a "
+"domain name component. The main use case is environments where the primary "
+"domain is intended for managing host policies and all users are located in a "
+"trusted domain. The option allows those users to log in just with their "
+"user name without giving a domain name as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:343
+msgid ""
+"Please note that if this option is set all users from the primary domain "
+"have to use their fully qualified name, e.g. user@domain.name, to log in. "
+"Setting this option changes default of use_fully_qualified_names to True. It "
+"is not allowed to use this option together with use_fully_qualified_names "
+"set to False."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:357
+msgid "override_space (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:360
+msgid ""
+"This parameter will replace spaces (space bar) with the given character for "
+"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
+"&quot;john_doe&quot; This feature was added to help compatibility with shell "
+"scripts that have difficulty handling spaces, due to the default field "
+"separator in the shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:369
+msgid ""
+"Please note it is a configuration error to use a replacement character that "
+"might be used in user or group names. If a name contains the replacement "
+"character SSSD tries to return the unmodified name but in general the result "
+"of a lookup is undefined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:377
+msgid "Default: not set (spaces will not be replaced)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:143
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:453
+msgid "SERVICES SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:455
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be <quote>[nss]</"
+"quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:462
+msgid "General service configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:464
+msgid "These options can be used to configure any service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:481
+msgid "fd_limit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:484
+msgid ""
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:493
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:498
+msgid "client_idle_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:501
+msgid ""
+"This option specifies the number of seconds that a client of an SSSD process "
+"can hold onto a file descriptor without communicating on it. This value is "
+"limited in order to avoid resource exhaustion on the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:529
+msgid "offline_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:532
+msgid ""
+"When SSSD switches to offline mode the amount of time before it tries to go "
+"back online will increase based upon the time spent disconnected. This "
+"value is in seconds and calculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:539
+msgid "offline_timeout + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:542
+msgid ""
+"The random offset can increment up to 30 seconds. After each unsuccessful "
+"attempt to go online, the new interval is recalculated by the following:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:547
+msgid "new_interval = old_interval*2 + random_offset"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:550
+msgid ""
+"Note that the maximum length of each interval is currently limited to one "
+"hour. If the calculated length of new_interval is greater than an hour, it "
+"will be forced to one hour."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:564
+msgid "NSS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:566
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:571
+msgid "enum_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:574
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:578
+msgid "Default: 120"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:583
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:586
+msgid ""
+"The entry cache can be set to automatically update entries in the background "
+"if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:592
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:602
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
+"disables this feature)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:610
+msgid "Default: 50"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:615
+msgid "entry_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:618
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:645
+msgid ""
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:665
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:679
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:682
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:687
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:693
+#, no-wrap
+msgid ""
+"fallback_homedir = /home/%u\n"
+" "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
+msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:697
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:703
+msgid "override_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:706
+msgid ""
+"Override the login shell for all users. This option supersedes any other "
+"shell options if it takes effect and can be set either in the [nss] section "
+"or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:712
+msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:718
+msgid "allowed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:721
+msgid ""
+"Restrict user shell to one of the listed values. The order of evaluation is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:724
+msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:728
+msgid ""
+"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
+"quote>, use the value of the shell_fallback parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:733
+msgid ""
+"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
+"shells</quote>, a nologin shell is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:738
+msgid "The wildcard (*) can be used to allow any shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:741
+msgid ""
+"The (*) is useful if you want to use shell_fallback in case that user's "
+"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
+"allowed shells in allowed_shells would be to much overhead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:748
+msgid "An empty string for shell is passed as-is to libc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:751
+msgid ""
+"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
+"that a restart of the SSSD is required in case a new shell is installed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:755
+msgid "Default: Not set. The user shell is automatically used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:760
+msgid "vetoed_shells (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:763
+msgid "Replace any instance of these shells with the shell_fallback"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:768
+msgid "shell_fallback (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:771
+msgid ""
+"The default shell to use if an allowed shell is not installed on the machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:775
+msgid "Default: /bin/sh"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:780
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:783
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option can be specified globally in the [nss] section or per-domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:808
+msgid "memcache_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:811
+msgid ""
+"Specifies time in seconds for which records in the in-memory cache will be "
+"valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
+msgid "user_attributes (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:829
+msgid ""
+"Some of the additional NSS responder requests can return more attributes "
+"than just the POSIX ones defined by the NSS interface. The list of "
+"attributes is controlled by this option. It is handled the same way as the "
+"<quote>user_attributes</quote> option of the InfoPipe responder (see "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for details) but with no default values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:842
+msgid ""
+"To make configuration more easy the NSS responder will check the InfoPipe "
+"option if it is not set for the NSS responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:847
+msgid "Default: not set, fallback to InfoPipe option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:854
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:856
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:861
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:864
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:875
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:878
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:888
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:891
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable offline authentication again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:908
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:911
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:919
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:922
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:926
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:929
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:933 sssd.8.xml:63
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:938
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:941
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:947
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:961
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:967
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:978
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1000
+msgid "pam_trusted_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1003
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1017
+msgid ""
+"Please note that UID 0 is always allowed to access the PAM responder even in "
+"case it is not in the pam_trusted_users list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1024
+msgid "pam_public_domains (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1027
+msgid ""
+"Specifies the comma-separated list of domain names that are accessible even "
+"to untrusted users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1031
+msgid "Two special values for pam_public_domains option are defined:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1035
+msgid ""
+"all (Untrusted users are allowed to access all domains in PAM responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1039
+msgid ""
+"none (Untrusted users are not allowed to access any domains PAM in "
+"responder.)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1048
+msgid "pam_account_expired_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
+msgid "p11_child_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1121
+msgid "How many seconds will pam_sss wait for p11_child to finish."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1134
+msgid "SUDO configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1136
+msgid ""
+"These options can be used to configure the sudo service. The detailed "
+"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
+"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1153
+msgid "sudo_timed (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1156
+msgid ""
+"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
+"that implement time-dependent sudoers entries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1169
+msgid "AUTOFS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1171
+msgid "These options can be used to configure the autofs service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1175
+msgid "autofs_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1178
+msgid ""
+"Specifies for how many seconds should the autofs responder negative cache "
+"hits (that is, queries for invalid map entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1194
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1196
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1200
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1203
+msgid ""
+"Whether or not to hash host names and addresses in the managed known_hosts "
+"file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1212
+msgid "ssh_known_hosts_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1215
+msgid ""
+"How many seconds to keep a host in the managed known_hosts file after its "
+"host keys were requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1219
+msgid "Default: 180"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1224
+msgid "ca_db (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1227
+msgid ""
+"Path to a storage of trusted CA certificates. The option is used to validate "
+"user certificates before deriving public ssh keys from them."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1232
+msgid "Default: /etc/pki/nssdb"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1240
+msgid "PAC responder configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1242
+msgid ""
+"The PAC responder works together with the authorization data plugin for MIT "
+"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
+"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
+"provider collects domain SID and ID ranges of the domain the client is "
+"joined to and of remote trusted domains from the local domain controller. "
+"If the PAC is decoded and evaluated some of the following operations are "
+"done:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1251
+msgid ""
+"If the remote user does not exist in the cache, it is created. The uid is "
+"determined with the help of the SID, trusted domains will have UPGs and the "
+"gid will have the same value as the uid. The home directory is set based on "
+"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
+"the system defaults are used, but can be overwritten with the default_shell "
+"parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:1259
+msgid ""
+"If there are SIDs of groups from domains sssd knows about, the user will be "
+"added to those groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1265
+msgid "These options can be used to configure the PAC responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
+msgid "allowed_uids (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1272
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the PAC responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1278
+msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1282
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the PAC responder, which would be the typical case, you have to add 0 "
+"to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:1309
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1316
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1319
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1324
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned "
+"to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1331
+msgid ""
+"These ID limits affect even saving entries to cache, not only returning them "
+"by name or ID."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1335
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1341
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1344
+msgid ""
+"Determines if a domain can be enumerated. This parameter can have one of the "
+"following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1348
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1351
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1357
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup "
+"to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing. Saving a large number of entries to cache "
+"after the enumeration completes might also be CPU intensive as the "
+"memberships have to be recomputed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1370
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1375
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer "
+"to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1383
+msgid ""
+"For the reasons cited above, enabling enumeration is not recommended, "
+"especially in large environments."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1391
+msgid "subdomain_enumerate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1398
+msgid "all"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1399
+msgid "All discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1402
+msgid "none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1403
+msgid "No discovered trusted domains will be enumerated"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1394
+msgid ""
+"Whether any of autodetected trusted domains should be enumerated. The "
+"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
+"Optionally, a list of one or more domain names can enable enumeration just "
+"for these trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1434
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1437
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1441
+msgid ""
+"The cache expiration timestamps are stored as attributes of individual "
+"objects in the cache. Therefore, changing the cache timeout only has effect "
+"for newly added or expired entries. You should run the <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> tool in order to force refresh of entries that have already "
+"been cached."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1454
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1460
+msgid "entry_cache_user_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1463
+msgid ""
+"How many seconds should nss_sss consider user entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
+msgid "Default: entry_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1473
+msgid "entry_cache_group_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1476
+msgid ""
+"How many seconds should nss_sss consider group entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1486
+msgid "entry_cache_netgroup_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1489
+msgid ""
+"How many seconds should nss_sss consider netgroup entries valid before "
+"asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1499
+msgid "entry_cache_service_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1502
+msgid ""
+"How many seconds should nss_sss consider service entries valid before asking "
+"the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1512
+msgid "entry_cache_sudo_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1515
+msgid ""
+"How many seconds should sudo consider rules valid before asking the backend "
+"again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1525
+msgid "entry_cache_autofs_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1528
+msgid ""
+"How many seconds should the autofs service consider automounter maps valid "
+"before asking the backend again"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1539
+msgid "entry_cache_ssh_host_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1542
+msgid ""
+"How many seconds to keep a host ssh key after refresh. IE how long to cache "
+"the host key for."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1553
+msgid "refresh_expired_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1556
+msgid ""
+"Specifies how many seconds SSSD has to wait before triggering a background "
+"refresh task which will refresh all expired or nearly expired records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1561
+msgid ""
+"The background refresh will process users, groups and netgroups in the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1565
+msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+msgid "Default: 0 (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1575
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1578
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1582
+msgid "User credentials are stored in a SHA512 hash, not in plaintext"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1592
+msgid "cache_credentials_minimal_first_factor_length (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1595
+msgid ""
+"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
+"this value determines the minimal length the first authentication factor "
+"(long term password) must have to be saved as SHA512 hash into the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1602
+msgid ""
+"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
+"the cache which would make them easy targets for brute-force attacks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1607
+msgid "Default: 8"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1639
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1646
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1652
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1655
+msgid ""
+"The identification provider used for the domain. Supported ID providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1659
+msgid "<quote>proxy</quote>: Support a legacy NSS provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
+msgid "<quote>local</quote>: SSSD internal provider for local users"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1666
+msgid ""
+"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
+"information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
+msgid ""
+"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
+"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"FreeIPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
+msgid ""
+"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Active Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1694
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1697
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1702
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1710
+msgid ""
+"NOTE: This option has no effect on netgroup lookups due to their tendency to "
+"include nested netgroups without qualified names. For netgroups, all domains "
+"will be searched when an unqualified name is requested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1717
+msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1723
+msgid "ignore_group_members (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1726
+msgid "Do not return group members for group lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1729
+msgid ""
+"If set to TRUE, the group membership attribute is not requested from the "
+"ldap server, and group members are not returned when processing group lookup "
+"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
+"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
+"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
+"return the requested group as if it was empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1747
+msgid ""
+"Enabling this option can also make access provider checks for group "
+"membership significantly faster, especially for groups containing many "
+"members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1758
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1761
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1772
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1796
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1803
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1806
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1812
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1815
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1821
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1824
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1851
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> for more information on configuring the simple "
+"access module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1873
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1876
+msgid ""
+"The provider which should handle change password operations for the domain. "
+"Supported change password providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1881
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1889
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1914
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1918
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1921
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1928
+msgid "sudo_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1931
+msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1935
+msgid ""
+"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1943
+msgid ""
+"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1947
+msgid ""
+"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
+"settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1951
+msgid "<quote>none</quote> disables SUDO explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
+msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1958
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
+"options that can be used to adjust the behavior. Please refer to "
+"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1975
+msgid "selinux_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1978
+msgid ""
+"The provider which should handle loading of selinux settings. Note that this "
+"provider will be called right after access provider ends. Supported selinux "
+"providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1984
+msgid ""
+"<quote>ipa</quote> to load selinux settings from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1992
+msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1995
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"selinux loading requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2001
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2004
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2010
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2019
+msgid ""
+"<quote>ad</quote> to load a list of subdomains from an Active Directory "
+"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2028
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2039
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2042
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2046
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2053
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2080
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2083
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2087
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2095
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2108
+msgid ""
+"Regular expression for this domain that describes how to parse the string "
+"containing user name and domain into these components. The \"domain\" can "
+"match either the SSSD configuration domain name, or, in the case of IPA "
+"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
+"the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2117
+msgid ""
+"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
+"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
+"P&lt;name&gt;[^@\\\\]+)$))</quote> which allows three different styles for "
+"user names:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2122
+msgid "username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2125
+msgid "username@domain.name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd.conf.5.xml:2128
+msgid "domain\\username"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2131
+msgid ""
+"While the first two correspond to the general default the third one is "
+"introduced to allow easy integration of users from Windows domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2136
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2142
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2149
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
+"P&lt;name&gt;) to label subpatterns."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2196
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2202
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2205
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2209
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2212
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2215
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2218
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2221
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2224
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2230
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2233
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the DNS "
+"resolver before assuming that it is unreachable. If this timeout is reached, "
+"the domain will continue to operate in offline mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2245
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2248
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2252
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2258
+msgid "override_gid (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2261
+msgid "Override the primary GID value with the one specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2267
+msgid "case_sensitive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2275
+msgid "True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2278
+msgid "Case sensitive. This value is invalid for AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2284
+msgid "False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2286
+msgid "Case insensitive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2290
+msgid "Preserving"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2293
+msgid ""
+"Same as False (case insensitive), but does not lowercase names in the result "
+"of NSS operations. Note that name aliases (and in case of services also "
+"protocol names) are still lowercased in the output."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2270
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider. Possible option values are: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2305
+msgid "Default: True (False for AD provider)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2314
+msgid ""
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2363
+msgid "%F"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2364
+msgid "flat (NetBIOS) name of a subdomain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2355
+msgid ""
+"Use this homedir as default value for all subdomains within this domain in "
+"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
+"possible values. In addition to those, the expansion below can only be used "
+"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2369
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2373
+msgid "Default: <filename>/home/%d/%u</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2378
+msgid "realmd_tags (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2381
+msgid ""
+"Various tags stored by the realmd configuration service for this domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2387
+msgid "cached_auth_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2390
+msgid ""
+"Specifies time in seconds since last successful online authentication for "
+"which user will be authenticated using cached credentials while SSSD is in "
+"the online mode."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2396
+msgid "Special value 0 implies that this feature is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2400
+msgid ""
+"Please note that if <quote>cached_auth_timeout</quote> is longer than "
+"<quote>pam_id_timeout</quote> then the back end could be called to handle "
+"<quote>initgroups.</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1311
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
+"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2418
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2421
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2424
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2432
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2414
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:2465
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:2467
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2474
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2477
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2481
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2486
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2489
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable> "
+"and use that as the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2494
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2499
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2502
+msgid ""
+"Indicate if a home directory should be created by default for new users. "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2511
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2514
+msgid ""
+"Indicate if a home directory should be removed by default for deleted "
+"users. Can be overridden on command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2523
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2526
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2534
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2539
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2542
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2552
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2557
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2560
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted. If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2567
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2572
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2575
+msgid ""
+"The command that is run after a user is removed. The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2581
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
+#: sss_rpcidmapd.5.xml:98
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:2597
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:2593
+msgid ""
+"The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ldap.5.xml:17
+msgid "SSSD LDAP provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for detailed syntax information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to "
+"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
+"over an unencrypted channel. If the LDAP server is used only as an identity "
+"provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri, ldap_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference. Refer to the <quote>FAILOVER</"
+"quote> section for more information on failover and server redundancy. If "
+"neither option is specified, service discovery is enabled. For more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:70
+msgid "The format of the URI must match the format defined in RFC 2732:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:73
+msgid "ldap[s]://&lt;host&gt;[:port]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"For explicit IPv6 addresses, &lt;host&gt; must be enclosed in brackets []"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:79
+msgid "example: ldap://[fc00::126:25]:389"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:85
+msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:88
+msgid ""
+"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
+"should connect in the order of preference to change the password of a user. "
+"Refer to the <quote>FAILOVER</quote> section for more information on "
+"failover and server redundancy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:95
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:99
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:105
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:108
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:112
+msgid ""
+"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
+"syntax:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:116
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:119
+msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
+msgid ""
+"The filter must be a valid LDAP search filter as specified by http://www."
+"ietf.org/rfc/rfc2254.txt"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
+msgid "Examples:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:129
+msgid ""
+"ldap_search_base = dc=example,dc=com (which is equivalent to) "
+"ldap_search_base = dc=example,dc=com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:134
+msgid ""
+"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
+"(host=thishost)?dc=example.com?subtree?"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:137
+msgid ""
+"Note: It is unsupported to have multiple search bases which reference "
+"identically-named objects (for example, groups with the same name in two "
+"different search bases). This will lead to unpredictable behavior on client "
+"machines."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:144
+msgid ""
+"Default: If not set, the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exist or has an empty value namingContexts is "
+"used. The namingContexts attribute must have a single value with the DN of "
+"the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:158
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:161
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:168
+msgid "Four schema types are currently supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:172
+msgid "rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:177
+msgid "rfc2307bis"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:182
+msgid "IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "AD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:193
+msgid ""
+"The main difference between these schema types is how group memberships are "
+"recorded in the server. With rfc2307, group members are listed by name in "
+"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
+"group members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:203
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:209
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:212
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:229
+msgid "password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:232
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "Default: password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:241
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:244
+msgid ""
+"The authentication token of the default bind DN. Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:251
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:254
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:257
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:263
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:266
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:270
+msgid "Default: uid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:276
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:279
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:283
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:289
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:292
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:863
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:302
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:305
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:309
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:315
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:318
+msgid "The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:322
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:328
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:331
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:335
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:341
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:344
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:889
+msgid ""
+"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
+"IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:355
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:358
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:904
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:370
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:383
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:386
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
+"the last password change)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:396
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:402
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:405
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:414
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:420
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:423
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
+"password age)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:432
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:438
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:441
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password warning period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:451
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:457
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:460
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
+"(password inactivity period)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:470
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:476
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:479
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
+"parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> counterpart (account expiration date)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:489
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:495
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:498
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:510
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:513
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
+"an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:519
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:525
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:528
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:533
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:539
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:542
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:547
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:553
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:556
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:561
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:567
+msgid "ldap_user_nds_login_disabled (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:570
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines if "
+"access is allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588
+msgid "Default: loginDisabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:580
+msgid "ldap_user_nds_login_expiration_time (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:583
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines until "
+"which date access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:594
+msgid "ldap_user_nds_login_allowed_time_map (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:597
+msgid ""
+"When using ldap_account_expire_policy=nds, this attribute determines the "
+"hours of a day in a week when access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:602
+msgid "Default: loginAllowedTimeMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:608
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:611
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:615
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:621
+msgid "ldap_user_extra_attrs (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:624
+msgid ""
+"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
+"usual set of user attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:629
+msgid ""
+"The list can either contain LDAP attribute names only, or colon-separated "
+"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
+"LDAP attribute name is specified, the attribute is saved to the cache "
+"verbatim. Using a custom SSSD attribute name might be required by "
+"environments that configure several SSSD domains with different LDAP schemas."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:639
+msgid ""
+"Please note that several attribute names are reserved by SSSD, notably the "
+"<quote>name</quote> attribute. SSSD would report an error if any of the "
+"reserved attribute names is used as an extra attribute name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:649
+msgid "ldap_user_extra_attrs = telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:652
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
+"<quote>telephoneNumber</quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:656
+msgid "ldap_user_extra_attrs = phone:telephoneNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:659
+msgid ""
+"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
+"quote> to the cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:669
+msgid "ldap_user_ssh_public_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:672
+msgid "The LDAP attribute that contains the user's SSH public keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:676
+msgid "Default: sshPublicKey"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:682
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:685
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to "
+"fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:698
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:701
+msgid ""
+"Specifies how many seconds SSSD has to wait before refreshing its cache of "
+"enumerated records."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:712
+msgid "ldap_purge_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:715
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:721
+msgid ""
+"Setting this option to zero will disable the cache cleanup operation. Please "
+"note that if enumeration is enabled, the cleanup task is required in order "
+"to detect entries removed from the server and can't be disabled. By default, "
+"the cleanup task will run every 3 hours with enumeration enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:736
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:739
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:749
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:752
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:756
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:762
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:765
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry "
+"to determine access privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:772
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:777
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>authorized_service</quote> in order for the "
+"ldap_user_authorized_service option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:784
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:790
+msgid "ldap_user_authorized_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
+"presence of the host attribute in the user's LDAP entry to determine access "
+"privilege."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:799
+msgid ""
+"An explicit deny (!host) is resolved first. Second, SSSD searches for "
+"explicit allow (host) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:804
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>host</quote> in order for the "
+"ldap_user_authorized_host option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:811
+msgid "Default: host"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:817
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:820
+msgid "Name of the LDAP attribute containing the X509 certificate of the user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:824
+msgid "Default: no set in the general case, userCertificate;binary for IPA"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:831
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:834
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:837
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:843
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:846
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:856
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:859
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:869
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:872
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:876
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:882
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:885
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:896
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:899
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:911
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:924
+msgid "ldap_group_type (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:927
+msgid ""
+"The LDAP attribute that contains an integer value indicating the type of the "
+"group and maybe other flags."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:932
+msgid ""
+"This attribute is currently only used by the AD provider to determine if a "
+"group is a domain local groups and has to be filtered out for trusted "
+"domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:938
+msgid "Default: groupType in the AD provider, othewise not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:945
+msgid "ldap_group_external_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Note: This option specifies the guaranteed level of nested groups to be "
+"processed for any lookup. However, nested groups beyond this limit "
+"<emphasis>may be</emphasis> returned if previous lookups already resolved "
+"the deeper nesting levels. Also, subsequent lookups for other groups may "
+"enlarge the result set for original lookup if re-queried."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:980
+msgid ""
+"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:989
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:995
+msgid "ldap_groups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:998
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which may speed up group lookup operations on deployments with "
+"complex or deep nested groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1004
+msgid ""
+"In most common cases, it is best to leave this option disabled. It generally "
+"only provides a performance increase on very complex nestings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
+msgid ""
+"If this option is enabled, SSSD will use it if it detects that the server "
+"supports it during initial connection. So \"True\" here essentially means "
+"\"auto-detect\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
+msgid ""
+"Note: This feature is currently known to work only with Active Directory "
+"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
+"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
+"for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1027
+msgid "ldap_initgroups_use_matching_rule_in_chain"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1030
+msgid ""
+"This option tells SSSD to take advantage of an Active Directory-specific "
+"feature which might speed up initgroups operations (most notably when "
+"dealing with complex or deep nested groups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1057
+msgid ""
+"This options enables or disables use of Token-Groups attribute when "
+"performing initgroup for users from Active Directory Server 2008 and later."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1062
+msgid "Default: True for AD and IPA otherwise False."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1068
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1071
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1074
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1078
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1084
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1087
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1091
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1101
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1104
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1108
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1112
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1118
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1121
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1128
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1134
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1150
+msgid "ldap_service_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1153
+msgid "The object class of a service entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
+msgid "Default: ipService"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1162
+msgid "ldap_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1165
+msgid ""
+"The LDAP attribute that contains the name of service attributes and their "
+"aliases."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1175
+msgid "ldap_service_port (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid "The LDAP attribute that contains the port managed by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1182
+msgid "Default: ipServicePort"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1188
+msgid "ldap_service_proto (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1191
+msgid ""
+"The LDAP attribute that contains the protocols understood by this service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+msgid "Default: ipServiceProtocol"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1201
+msgid "ldap_service_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1206
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1209
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1215
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1227
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1230
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results "
+"are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1243
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1246
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
+"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
+"manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
+"citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1269
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1272
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
+"operation, password change extended operation and the StartTLS operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1287
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1290
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1304
+msgid "ldap_page_size (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1307
+msgid ""
+"Specify the number of records to retrieve from LDAP in a single request. "
+"Some LDAP servers enforce a maximum limit per-request."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1312
+msgid "Default: 1000"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1318
+msgid "ldap_disable_paging (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Disable the LDAP paging control. This option should be used if the LDAP "
+"server reports that it supports the LDAP paging control in its RootDSE but "
+"it is not enabled or does not behave properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid ""
+"Example: OpenLDAP servers with the paging control module installed on the "
+"server but not enabled will report it in the RootDSE but be unable to use it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1333
+msgid ""
+"Example: 389 DS has a bug where it can only support a one paging control at "
+"a time on a single connection. On busy clients, this can result in some "
+"requests being denied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1345
+msgid "ldap_disable_range_retrieval (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1348
+msgid "Disable Active Directory range retrieval."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1351
+msgid ""
+"Active Directory limits the number of members to be retrieved in a single "
+"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
+"group contains more members, the reply would include an AD-specific range "
+"extension. This option disables parsing of the range extension, therefore "
+"large groups will appear as having no members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1366
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1369
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1375
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1382
+msgid "ldap_deref_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1385
+msgid ""
+"Specify the number of group members that must be missing from the internal "
+"cache in order to trigger a dereference lookup. If less members are missing, "
+"they are looked up individually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1391
+msgid ""
+"You can turn off dereference lookups completely by setting the value to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1395
+msgid ""
+"A dereference lookup is a means of fetching all group members in a single "
+"LDAP call. Different LDAP servers may implement different dereference "
+"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
+"Directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1403
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1416
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1419
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if "
+"any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1425
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server "
+"certificate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1429
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1436
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate "
+"is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1442
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1448
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1452
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1458
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1461
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
+msgid ""
+"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
+"conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1473
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1476
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1491
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1494
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1504
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1507
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1516
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1519
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon separated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1532
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1535
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem class="
+"\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1545
+msgid "ldap_id_mapping (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1548
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1554
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1564
+msgid "ldap_min_id, ldap_max_id (interger)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1567
+msgid ""
+"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
+"set to true the allowed ID range for ldap_user_uid_number and "
+"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
+"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
+"can be set to restrict the allowed range for the IDs which are read directly "
+"from the server. Sub-domains can then pick other ranges to map IDs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1579
+msgid "Default: not set (both options are set to 0)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1585
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1588
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1598
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1601
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory. "
+"This option can either contain the full principal (for example host/"
+"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1609
+msgid "Default: host/hostname@REALM"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1615
+msgid "ldap_sasl_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1618
+msgid ""
+"Specify the SASL realm to use. When not specified, this option defaults to "
+"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
+"well, this option is ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1624
+msgid "Default: the value of krb5_realm."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1630
+msgid "ldap_sasl_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1633
+msgid ""
+"If set to true, the LDAP library would perform a reverse lookup to "
+"canonicalize the host name during a SASL bind."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1638
+msgid "Default: false;"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1644
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1647
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1650
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1656
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1659
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This "
+"action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1671
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1674
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
+msgid "krb5_server, krb5_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1687
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled - for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches "
+"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
+"none are found."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
+"While the legacy name is recognized for the time being, users are advised to "
+"migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1716
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1719
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+msgid "krb5_canonicalize (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1728
+msgid ""
+"Specifies if the host principal should be canonicalized when connecting to "
+"LDAP server. This feature is available with MIT Kerberos >= 1.7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
+msgid "krb5_use_kdcinfo (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
+msgid ""
+"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
+"which KDCs to use. This option is on by default, if you disable it, you need "
+"to configure the Kerberos library using the <citerefentry> "
+"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> configuration file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
+msgid ""
+"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
+"information on the locator plugin."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1768
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1771
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1776
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1781
+msgid ""
+"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
+"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
+"evaluate if the password has expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1787
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update "
+"these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1796
+msgid ""
+"<emphasis>Note</emphasis>: if a password policy is configured on server "
+"side, it always takes precedence over policy set with this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1804
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1807
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1811
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1816
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1830
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1833
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1837
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1843
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1846
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1851
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1857
+msgid "ldap_chpass_update_last_change (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1860
+msgid ""
+"Specifies whether to update the ldap_user_shadow_last_change attribute with "
+"days since the Epoch after a password change operation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1872
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1875
+msgid ""
+"If using access_provider = ldap and ldap_access_order = filter (default), "
+"this option is mandatory. It specifies an LDAP search filter criteria that "
+"must be met for the user to be granted access on this host. If "
+"access_provider = ldap, ldap_access_order = filter and this option is not "
+"set, it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior. Please note that this filter is "
+"applied on the LDAP user entry only and thus filtering based on nested "
+"groups may not work (e.g. memberOf attribute on AD entries points only to "
+"direct parents). If filtering based on nested groups is required, please see "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1895
+msgid "Example:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1898
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = (employeeType=admin)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1902
+msgid ""
+"This example means that access to this host is restricted to users whose "
+"employeeType attribute is set to \"admin\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1907
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted "
+"access during their last login, they will continue to be granted access "
+"while offline and vice-versa."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1921
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1924
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1928
+msgid ""
+"Please note that it is always recommended to use server side access control, "
+"i.e. the LDAP server should deny the bind request with a suitable error code "
+"even if the password is correct."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1935
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1938
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1943
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time "
+"of the account is checked."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1950
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
+"emphasis>: use the value of ldap_ns_account_lock to check if access is "
+"allowed or not."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1956
+msgid ""
+"<emphasis>nds</emphasis>: the values of "
+"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
+"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
+"If both attributes are missing access is granted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1965
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>expire</quote> in order for the "
+"ldap_account_expire_policy option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1978
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1981
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1985
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1988
+msgid ""
+"<emphasis>lockout</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1998
+msgid ""
+"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
+"quote> option and might be removed in a future release. </emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2005
+msgid ""
+"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
+"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
+"and has value of '000001010000Z' or represents any time in the past. The "
+"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
+"denotes the UTC time zone. Other time zones are not currently supported and "
+"will result in \"access-denied\" when users attempt to log in. Please see "
+"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
+"must be set for this feature to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2022
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2026
+msgid ""
+"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
+"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
+"interested in being warned that password is about to expire and "
+"authentication is based on using a different method than passwords - for "
+"example SSH keys."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2036
+msgid ""
+"The difference between these options is the action taken if user password is "
+"expired: pwd_expire_policy_reject - user is denied to log in, "
+"pwd_expire_policy_warn - user is still able to log in, "
+"pwd_expire_policy_renew - user is prompted to change his password "
+"immediately."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2044
+msgid ""
+"Note If user password is expired no explicit message is prompted by SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2048
+msgid ""
+"Please note that 'access_provider = ldap' must be set for this feature to "
+"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2053
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
+"to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2058
+msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2062
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2065
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2072
+msgid "ldap_pwdlockout_dn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2075
+msgid ""
+"This option specifies the DN of password policy entry on LDAP server. Please "
+"note that absence of this option in sssd.conf in case of enabled account "
+"lockout checking will yield access denied as ppolicy attributes on LDAP "
+"server cannot be checked properly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2083
+msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2086
+msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2092
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2095
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2100
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2104
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2109
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2114
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2119
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2127
+msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2130
+msgid ""
+"Allows to retain local users as members of an LDAP group for servers that "
+"use the RFC2307 schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2134
+msgid ""
+"In some environments where the RFC2307 schema is used, local users are made "
+"members of LDAP groups by adding their names to the memberUid attribute. "
+"The self-consistency of the domain is compromised when this is done, so SSSD "
+"would normally remove the \"missing\" users from the cached group "
+"memberships as soon as nsswitch tries to fetch information about the user "
+"via getpw*() or initgroups() calls."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2145
+msgid ""
+"This option falls back to checking if local users are referenced, and caches "
+"them so that later initgroups() calls will augment the local users with the "
+"additional LDAP groups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
+msgid "wildcart_limit (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2160
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2164
+msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2168
+msgid "Default: 1000 (often the size of one page)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for full details. <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2178
+msgid "SUDO OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2180
+msgid ""
+"The detailed instructions for configuration of sudo_provider are in the "
+"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2191
+msgid "ldap_sudorule_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2194
+msgid "The object class of a sudo rule entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2197
+msgid "Default: sudoRole"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2203
+msgid "ldap_sudorule_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2206
+msgid "The LDAP attribute that corresponds to the sudo rule name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2216
+msgid "ldap_sudorule_command (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2219
+msgid "The LDAP attribute that corresponds to the command name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2223
+msgid "Default: sudoCommand"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2229
+msgid "ldap_sudorule_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2232
+msgid ""
+"The LDAP attribute that corresponds to the host name (or host IP address, "
+"host IP network, or host netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2237
+msgid "Default: sudoHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2243
+msgid "ldap_sudorule_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2246
+msgid ""
+"The LDAP attribute that corresponds to the user name (or UID, group name or "
+"user's netgroup)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2250
+msgid "Default: sudoUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2256
+msgid "ldap_sudorule_option (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2259
+msgid "The LDAP attribute that corresponds to the sudo options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2263
+msgid "Default: sudoOption"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2269
+msgid "ldap_sudorule_runasuser (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2272
+msgid ""
+"The LDAP attribute that corresponds to the user name that commands may be "
+"run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2276
+msgid "Default: sudoRunAsUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2282
+msgid "ldap_sudorule_runasgroup (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2285
+msgid ""
+"The LDAP attribute that corresponds to the group name or group GID that "
+"commands may be run as."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2289
+msgid "Default: sudoRunAsGroup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2295
+msgid "ldap_sudorule_notbefore (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2298
+msgid ""
+"The LDAP attribute that corresponds to the start date/time for when the sudo "
+"rule is valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2302
+msgid "Default: sudoNotBefore"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2308
+msgid "ldap_sudorule_notafter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2311
+msgid ""
+"The LDAP attribute that corresponds to the expiration date/time, after which "
+"the sudo rule will no longer be valid."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2316
+msgid "Default: sudoNotAfter"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2322
+msgid "ldap_sudorule_order (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2325
+msgid "The LDAP attribute that corresponds to the ordering index of the rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2329
+msgid "Default: sudoOrder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2335
+msgid "ldap_sudo_full_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2338
+msgid ""
+"How many seconds SSSD will wait between executing a full refresh of sudo "
+"rules (which downloads all rules that are stored on the server)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2343
+msgid ""
+"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
+"emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2348
+msgid "Default: 21600 (6 hours)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2354
+msgid "ldap_sudo_smart_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2357
+msgid ""
+"How many seconds SSSD has to wait before executing a smart refresh of sudo "
+"rules (which downloads all rules that have USN higher than the highest USN "
+"of cached rules)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2363
+msgid ""
+"If USN attributes are not supported by the server, the modifyTimestamp "
+"attribute is used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2373
+msgid "ldap_sudo_use_host_filter (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2376
+msgid ""
+"If true, SSSD will download only rules that are applicable to this machine "
+"(using the IPv4 or IPv6 host/network addresses and hostnames)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2387
+msgid "ldap_sudo_hostnames (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2390
+msgid ""
+"Space separated list of hostnames or fully qualified domain names that "
+"should be used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2395
+msgid ""
+"If this option is empty, SSSD will try to discover the hostname and the "
+"fully qualified domain name automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
+msgid ""
+"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
+"emphasis> then this option has no effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
+msgid "Default: not specified"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2411
+msgid "ldap_sudo_ip (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2414
+msgid ""
+"Space separated list of IPv4 or IPv6 host/network addresses that should be "
+"used to filter the rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2419
+msgid ""
+"If this option is empty, SSSD will try to discover the addresses "
+"automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2434
+msgid "ldap_sudo_include_netgroups (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2437
+msgid ""
+"If true then SSSD will download every rule that contains a netgroup in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2452
+msgid "ldap_sudo_include_regexp (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2455
+msgid ""
+"If true then SSSD will download every rule that contains a wildcard in "
+"sudoHost attribute."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2471
+msgid ""
+"This manual page only describes attribute name mapping. For detailed "
+"explanation of sudo related attribute semantics, see <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2481
+msgid "AUTOFS OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2483
+msgid ""
+"Some of the defaults for the parameters below are dependent on the LDAP "
+"schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2489
+msgid "ldap_autofs_map_master_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2492
+msgid "The name of the automount master map in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2495
+msgid "Default: auto.master"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2502
+msgid "ldap_autofs_map_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2505
+msgid "The object class of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2508
+msgid "Default: automountMap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2515
+msgid "ldap_autofs_map_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2518
+msgid "The name of an automount map entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2521
+msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2529
+msgid "ldap_autofs_entry_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2532
+msgid ""
+"The object class of an automount entry in LDAP. The entry usually "
+"corresponds to a mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2537
+msgid "Default: automount"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2544
+msgid "ldap_autofs_entry_key (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
+msgid ""
+"The key of an automount entry in LDAP. The entry usually corresponds to a "
+"mount point."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2551
+msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2559
+msgid "ldap_autofs_entry_value (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2566
+msgid "Default: automountInformation"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2487
+msgid ""
+"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
+"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
+"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2576
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2583
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2588
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2593
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
+#: sssd-ldap.5.xml:2598
+msgid "<note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
+#: sssd-ldap.5.xml:2600
+msgid ""
+"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"against Active Directory will not be restricted and return all groups "
+"memberships, even with no gid mapping. It is recommended to disable this "
+"feature, if group names are not being displayed correctly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist>
+#: sssd-ldap.5.xml:2607
+msgid "</note>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2609
+msgid "ldap_sudo_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:2614
+msgid "ldap_autofs_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2578
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you "
+"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
+"\"variablelist\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2631
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2637
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2648
+msgid "LDAP ACCESS FILTER EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2650
+msgid ""
+"The following example assumes that SSSD is correctly configured and to use "
+"the ldap_access_order=lockout."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:2655
+#, no-wrap
+msgid ""
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"auth_provider = ldap\n"
+"access_provider = ldap\n"
+"ldap_access_order = lockout\n"
+"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
+"ldap_uri = ldap://ldap.mydomain.org\n"
+"ldap_search_base = dc=mydomain,dc=org\n"
+"ldap_tls_reqcert = demand\n"
+"cache_credentials = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:2672
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: pam_sss.8.xml:8 include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - http://"
+"fedorahosted.org/sssd</orgname>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:13 pam_sss.8.xml:18
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:19
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:24
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:57
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:67
+msgid "<option>quiet</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:70
+msgid "Suppress log messages for unknown users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:75
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:78
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:85
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:88
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:96
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:99
+msgid ""
+"When password changing enforce the module to set the new password to the one "
+"provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:106
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:109
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:111
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:120
+msgid "<option>ignore_unknown_user</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:123
+msgid ""
+"If this option is specified and the user does not exist, the PAM module will "
+"return PAM_IGNORE. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:130
+msgid "<option>ignore_authinfo_unavail</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:134
+msgid ""
+"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
+"the SSSD daemon. This causes the PAM framework to ignore this module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:141
+msgid "<option>domains</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:145
+msgid ""
+"Allows the administrator to restrict the domains a particular PAM service is "
+"allowed to authenticate against. The format is a comma-separated list of "
+"SSSD domain names, as specified in the sssd.conf file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:151
+msgid ""
+"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
+"and <quote>pam_public_domains</quote> options. Please see the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more information on these two PAM "
+"responder options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:191
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:192
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:198
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:199
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:204
+msgid ""
+"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
+"filename> where LOC stands for a locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
+"citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
+"the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permissions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:214
+msgid ""
+"These files are searched in the directory <filename>/etc/sssd/customize/"
+"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
+"displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd_krb5_locator_plugin.8.xml:16
+msgid "Kerberos locator plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
+"libraries what Realm and which KDC to use. Typically this is done in "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
+"To simplify the configuration the Realm and the KDC can be defined in "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variables and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only "
+"to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Specifying no values for any of the lists is equivalent to skipping it "
+"entirely. Beware of this while generating parameters for the simple provider "
+"using automated scripts."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:125
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:133
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the simple access provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:140
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"access_provider = simple\n"
+"simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:150
+msgid ""
+"The complete group membership hierarchy is resolved before the access check, "
+"thus even nested groups can be included in the access lists. Please be "
+"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
+"results and should be set to a sufficient value. (<citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>) option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ipa.5.xml:17
+msgid "SSSD IPA provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:62
+msgid ""
+"The IPA provider will use the PAC responder if the Kerberos tickets of users "
+"from trusted realms contain a PAC. To make configuration easier the PAC "
+"responder is started automatically if the IPA ID provider is configured."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:78
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:81
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:89
+msgid "ipa_server, ipa_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:92
+msgid ""
+"The comma-separated list of IP addresses or hostnames of the IPA servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:105
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:108
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
+msgid "dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:119
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
+msgid ""
+"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
+"the default Kerberos realm must be set properly in /etc/krb5.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:133
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
+msgid "dyndns_ttl (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
+msgid ""
+"The TTL to apply to the client DNS record when updating it. If "
+"dyndns_update is false this has no effect. This will override the TTL "
+"serverside if set by an administrator."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:153
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:159
+msgid "Default: 1200 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
+msgid "dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
+msgid ""
+"Optional. Applicable only when dyndns_update is true. Choose the interface "
+"or a list of interfaces whose IP addresses should be used for dynamic DNS "
+"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
+"should be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:175
+msgid ""
+"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
+"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
+"emphasis> in their config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:181
+msgid ""
+"Default: Use the IP addresses of the interface which is used for IPA LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
+msgid "Example: dyndns_iface = em1, vnet1, vnet2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:191
+msgid "ipa_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
+msgid "Enables DNS sites - location based service discovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:198
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, then the SSSD will first attempt location "
+"based discovery using a query that contains \"_location.hostname.example.com"
+"\" and then fall back to traditional SRV discovery. If the location based "
+"discovery succeeds, the IPA servers located with the location based "
+"discovery are treated as primary servers and the IPA servers located using "
+"the traditional SRV discovery are used as back up servers"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
+msgid "dyndns_refresh_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
+msgid ""
+"How often should the back end perform periodic DNS update in addition to the "
+"automatic update performed when the back end goes online. This option is "
+"optional and applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
+msgid "dyndns_update_ptr (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
+msgid ""
+"Whether the PTR record should also be explicitly updated when updating the "
+"client's DNS records. Applicable only when dyndns_update is true."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:241
+msgid ""
+"This option should be False in most IPA deployments as the IPA server "
+"generates the PTR records automatically when forward records are changed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:247
+msgid "Default: False (disabled)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
+msgid "dyndns_force_tcp (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
+msgid ""
+"Whether the nsupdate utility should default to using TCP for communicating "
+"with the DNS server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
+msgid "Default: False (let nsupdate choose the protocol)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
+msgid "dyndns_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
+msgid ""
+"The DNS server to use when performing a DNS update. In most setups, it's "
+"recommended to leave this option unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
+msgid ""
+"Setting this option makes sense for environments where the DNS server is "
+"different from the identity server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
+msgid ""
+"Please note that this option will be only used in fallback attempt when "
+"previous attempt using autodetected settings failed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
+msgid "Default: None (let nsupdate choose the server)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:290
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:293
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:297
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_host_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "Optional. Use the given string as search base for host objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310 sssd-ipa.5.xml:329 sssd-ipa.5.xml:348 sssd-ipa.5.xml:367
+#: sssd-ipa.5.xml:386
+msgid ""
+"See <quote>ldap_search_base</quote> for information about configuring "
+"multiple search bases."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: sssd-ipa.5.xml:315 sssd-ipa.5.xml:334 include/ldap_search_bases.xml:27
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:322
+msgid "ipa_selinux_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:325
+msgid "Optional. Use the given string as search base for SELinux user maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:341
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:344
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:353
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:360
+msgid "ipa_master_domain_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:363
+msgid "Optional. Use the given string as search base for master domain object."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:372
+msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:379
+msgid "ipa_views_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:382
+msgid "Optional. Use the given string as search base for views containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:391
+msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:398 sssd-krb5.5.xml:254
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:401
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
+msgid ""
+"Note that this default differs from the traditional Kerberos provider back "
+"end."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:418
+msgid ""
+"The name of the Kerberos realm. This is optional and defaults to the value "
+"of <quote>ipa_domain</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:422
+msgid ""
+"The name of the Kerberos realm has a special meaning in IPA - it is "
+"converted into the base DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:433
+msgid ""
+"Specifies if the host and user principal should be canonicalized when "
+"connecting to IPA LDAP and also for AS requests. This feature is available "
+"with MIT Kerberos >= 1.7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:446 sssd-krb5.5.xml:416
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:449 sssd-krb5.5.xml:419
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:454
+msgid "<emphasis>never</emphasis> use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:457
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it. This is equivalent to not setting "
+"this option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:463 sssd-krb5.5.xml:433
+msgid ""
+"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
+"server does not require fast."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:468
+msgid "Default: try"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:471 sssd-krb5.5.xml:444
+msgid ""
+"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
+"SSSD is used with an older version of MIT Kerberos, using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
+msgid "krb5_confd_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
+msgid ""
+"Absolute path of a directory where SSSD should place Kerberos configuration "
+"snippets."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
+msgid ""
+"To disable the creation of the configuration snippets set the parameter to "
+"'none'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
+msgid ""
+"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:498
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:501
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
+msgid "Default: 5 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:514
+msgid "ipa_hbac_selinux (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:517
+msgid ""
+"The amount of time between lookups of the SELinux maps against the IPA "
+"server. This will reduce the latency and load on the IPA server if there are "
+"many user login requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:530
+msgid "ipa_server_mode (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:533
+msgid "This option should only be set by the IPA installer."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:537
+msgid ""
+"The option denotes that the SSSD is running on IPA server and should perform "
+"lookups of users and groups from trusted domains differently."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:548
+msgid "ipa_automount_location (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:551
+msgid "The automounter location this IPA client will be using"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:554
+msgid "Default: The location named \"default\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-ipa.5.xml:562
+msgid "VIEWS AND OVERRIDES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:571
+msgid "ipa_view_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:574
+msgid "Objectclass of the view container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:577
+msgid "Default: nsContainer"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:583
+msgid "ipa_view_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:586
+msgid "Name of the attribute holding the name of the view."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:596
+msgid "ipa_overide_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:599
+msgid "Objectclass of the override objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:602
+msgid "Default: ipaOverrideAnchor"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:608
+msgid "ipa_anchor_uuid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:611
+msgid ""
+"Name of the attribute containing the reference to the original object in a "
+"remote domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:615
+msgid "Default: ipaAnchorUUID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:621
+msgid "ipa_user_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:624
+msgid ""
+"Name of the objectclass for user overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:629
+msgid "User overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:632
+msgid "ldap_user_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:635
+msgid "ldap_user_uid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:638
+msgid "ldap_user_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:641
+msgid "ldap_user_gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:644
+msgid "ldap_user_home_directory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:647
+msgid "ldap_user_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:650
+msgid "ldap_user_ssh_public_key"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:655
+msgid "Default: ipaUserOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:661
+msgid "ipa_group_override_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:664
+msgid ""
+"Name of the objectclass for group overrides. It is used to determine if the "
+"found override object is related to a user or a group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:669
+msgid "Group overrides can contain attributes given by"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:672
+msgid "ldap_group_name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ipa.5.xml:675
+msgid "ldap_group_gid_number"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:680
+msgid "Default: ipaGroupOverride"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-ipa.5.xml:564
+msgid ""
+"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
+"later version. Since all paths and objectclasses are fixed on the server "
+"side there is basically no need to configure anything. For completeness the "
+"related options are listed here with their default values. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ipa.5.xml:690
+msgid "SUBDOMAINS PROVIDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:692
+msgid ""
+"The IPA subdomains provider behaves slightly differently if it is configured "
+"explicitly or implicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:696
+msgid ""
+"If the option 'subdomains_provider = ipa' is found in the domain section of "
+"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
+"subdomain requests are sent to the IPA server if necessary."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:702
+msgid ""
+"If the option 'subdomains_provider' is not set in the domain section of sssd."
+"conf but there is the option 'id_provider = ipa', the IPA subdomains "
+"provider is configured implicitly. In this case, if a subdomain request "
+"fails and indicates that the server does not support subdomains, i.e. is not "
+"configured for trusts, the IPA subdomains provider is disabled. After an "
+"hour or after the IPA provider goes online, the subdomains provider is "
+"enabled again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:719
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:726
+#, no-wrap
+msgid ""
+"[domain/example.com]\n"
+"id_provider = ipa\n"
+"ipa_server = ipaserver.example.com\n"
+"ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ad.5.xml:10 sssd-ad.5.xml:16
+msgid "sssd-ad"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ad.5.xml:17
+msgid "SSSD Active Directory provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:23
+msgid ""
+"This manual page describes the configuration of the AD provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:36
+msgid ""
+"The AD provider is a back end used to connect to an Active Directory server. "
+"This provider requires that the machine be joined to the AD domain and a "
+"keytab is available."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:41
+msgid ""
+"The AD provider supports connecting to Active Directory 2008 R2 or later. "
+"Earlier versions may work, but are unsupported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:45
+msgid ""
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:51
+msgid ""
+"The AD provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:63
+msgid ""
+"However, it is neither necessary nor recommended to set these options. The "
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:75
+#, no-wrap
+msgid ""
+"ldap_id_mapping = False\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:69
+msgid ""
+"By default, the AD provider will map UID and GID values from the objectSID "
+"parameter in Active Directory. For details on this, see the <quote>ID "
+"MAPPING</quote> section below. If you want to disable ID mapping and instead "
+"rely on POSIX attributes defined in Active Directory, you should set "
+"<placeholder type=\"programlisting\" id=\"0\"/> In order to retrieve users "
+"and groups using POSIX attributes from trusted domains, the AD administrator "
+"must make sure that the POSIX attributes are replicated to the Global "
+"Catalog."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:82
+msgid ""
+"Users, groups and other entities served by SSSD are always treated as case-"
+"insensitive in the AD provider for compatibility with Active Directory's "
+"LDAP implementation."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:97
+msgid "ad_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:100
+msgid ""
+"Specifies the name of the Active Directory domain. This is optional. If not "
+"provided, the configuration domain name is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:105
+msgid ""
+"For proper operation, this option should be specified as the lower-case "
+"version of the long version of the Active Directory domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:110
+msgid ""
+"The short domain name (also known as the NetBIOS or the flat name) is "
+"autodetected by the SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:117
+msgid "ad_server, ad_backup_server (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:120
+msgid ""
+"The comma-separated list of hostnames of the AD servers to which SSSD should "
+"connect in order of preference. For more information on failover and server "
+"redundancy, see the <quote>FAILOVER</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
+msgid "ad_hostname (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:143
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the Active Directory domain to identify this "
+"host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:149
+msgid ""
+"This field is used to determine the host principal in use in the keytab. It "
+"must match the hostname for which the keytab was issued."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:157
+msgid "ad_enable_dns_sites (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:164
+msgid ""
+"If true and service discovery (see Service Discovery paragraph at the bottom "
+"of the man page) is enabled, the SSSD will first attempt to discover the "
+"Active Directory server to connect to using the Active Directory Site "
+"Discovery and fall back to the DNS SRV records if no AD site is found. The "
+"DNS SRV configuration, including the discovery domain, is used during site "
+"discovery as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:180
+msgid "ad_access_filter (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:183
+msgid ""
+"This option specifies LDAP access control filter that the user must match in "
+"order to be allowed access. Please note that the <quote>access_provider</"
+"quote> option must be explicitly set to <quote>ad</quote> in order for this "
+"option to have an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:191
+msgid ""
+"The option also supports specifying different filters per domain or forest. "
+"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
+"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
+"missing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:199
+msgid ""
+"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
+"quote> specifies the domain or subdomain the filter applies to. If the "
+"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
+"domains from the forest specified by <quote>NAME</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:207
+msgid ""
+"Multiple filters can be separated with the <quote>?</quote> character, "
+"similarly to how search bases work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:212
+msgid ""
+"The most specific match is always used. For example, if the option specified "
+"filter for a domain the user is a member of and a global filter, the per-"
+"domain filter would be applied. If there are more matches with the same "
+"specification, the first one is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ad.5.xml:223
+#, no-wrap
+msgid ""
+"# apply filter on domain called dom1 only:\n"
+"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
+"\n"
+"# apply filter on domain called dom2 only:\n"
+"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
+"\n"
+"# apply filter on forest called EXAMPLE.COM only:\n"
+"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
+msgid "Default: Not set"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:239
+msgid "ad_site (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:242
+msgid ""
+"Specify AD site to which client should try to connect. If this option is "
+"not provided, the AD site will be auto-discovered."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:253
+msgid "ad_enable_gc (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:256
+msgid ""
+"By default, the SSSD connects to the Global Catalog first to retrieve users "
+"from trusted domains and uses the LDAP port to retrieve group memberships or "
+"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
+"port of the current AD server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:264
+msgid ""
+"Please note that disabling Global Catalog support does not disable "
+"retrieving users from trusted domains. The SSSD would connect to the LDAP "
+"port of trusted domains instead. However, Global Catalog must be used in "
+"order to resolve cross-domain group memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:278
+msgid "ad_gpo_access_control (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:281
+msgid ""
+"This option specifies the operation mode for GPO-based access control "
+"functionality: whether it operates in disabled mode, enforcing mode, or "
+"permissive mode. Please note that the <quote>access_provider</quote> option "
+"must be explicitly set to <quote>ad</quote> in order for this option to have "
+"an effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:290
+msgid ""
+"GPO-based access control functionality uses GPO policy settings to determine "
+"whether or not a particular user is allowed to logon to a particular host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:296
+msgid ""
+"NOTE: If the operation mode is set to enforcing, it is possible that users "
+"that were previously allowed logon access will now be denied logon access "
+"(as dictated by the GPO policy settings). In order to facilitate a smooth "
+"transition for administrators, a permissive mode is available that will not "
+"enforce the access control rules, but will evaluate them and will output a "
+"syslog message if access would have been denied. By examining the logs, "
+"administrators can then make the necessary changes before setting the mode "
+"to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:309
+msgid "There are three supported values for this option:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:313
+msgid ""
+"disabled: GPO-based access control rules are neither evaluated nor enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:319
+msgid "enforcing: GPO-based access control rules are evaluated and enforced."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:325
+msgid ""
+"permissive: GPO-based access control rules are evaluated, but not enforced. "
+"Instead, a syslog message will be emitted indicating that the user would "
+"have been denied access if this option's value were set to enforcing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:336
+msgid "Default: permissive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:339
+msgid "Default: enforcing"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:345
+msgid "ad_gpo_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:348
+msgid ""
+"The amount of time between lookups of GPO policy files against the AD "
+"server. This will reduce the latency and load on the AD server if there are "
+"many access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:361
+msgid "ad_gpo_map_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:364
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the InteractiveLogonRight and "
+"DenyInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:370
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on locally\" and \"Deny log on locally\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:384
+#, no-wrap
+msgid ""
+"ad_gpo_map_interactive = +my_pam_service, -login\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:375
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>login</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
+msgid "Default: the default set of PAM service names includes:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:392
+msgid "login"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:397
+msgid "su"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:402
+msgid "su-l"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:407
+msgid "gdm-fingerprint"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:412
+msgid "gdm-password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:417
+msgid "gdm-smartcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:422
+msgid "kdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:456
+msgid "ad_gpo_map_remote_interactive (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:459
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the RemoteInteractiveLogonRight and "
+"DenyRemoteInteractiveLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:465
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on through Remote Desktop Services\" and \"Deny log on through Remote "
+"Desktop Services\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:480
+#, no-wrap
+msgid ""
+"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:471
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>sshd</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:488
+msgid "sshd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:502
+msgid "ad_gpo_map_network (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:505
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the NetworkLogonRight and "
+"DenyNetworkLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:511
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Access "
+"this computer from the network\" and \"Deny access to this computer from the "
+"network\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:526
+#, no-wrap
+msgid ""
+"ad_gpo_map_network = +my_pam_service, -ftp\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:517
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>ftp</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:534
+msgid "ftp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:539
+msgid "samba"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:548
+msgid "ad_gpo_map_batch (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:551
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
+"policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:557
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a batch job\" and \"Deny log on as a batch job\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:571
+#, no-wrap
+msgid ""
+"ad_gpo_map_batch = +my_pam_service, -crond\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:562
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for this logon right (e.g. "
+"<quote>crond</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:579
+msgid "crond"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:588
+msgid "ad_gpo_map_service (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:591
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access "
+"control is evaluated based on the ServiceLogonRight and "
+"DenyServiceLogonRight policy settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:597
+msgid ""
+"Note: Using the Group Policy Management Editor this value is called \"Allow "
+"log on as a service\" and \"Deny log on as a service\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:610
+#, no-wrap
+msgid ""
+"ad_gpo_map_service = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
+msgid ""
+"It is possible to add a PAM service name to the default set by using <quote>"
+"+service_name</quote>. Since the default set is empty, it is not possible "
+"to remove a PAM service name from the default set. For example, in order to "
+"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
+"would use the following configuration: <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:620
+msgid "ad_gpo_map_permit (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:623
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always granted, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:637
+#, no-wrap
+msgid ""
+"ad_gpo_map_permit = +my_pam_service, -sudo\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:628
+msgid ""
+"It is possible to add another PAM service name to the default set by using "
+"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
+"the default set by using <quote>-service_name</quote>. For example, in "
+"order to replace a default PAM service name for unconditionally permitted "
+"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. "
+"<quote>my_pam_service</quote>), you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
+msgid "sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:655
+msgid "sudo-i"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:660
+msgid "systemd-user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:669
+msgid "ad_gpo_map_deny (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:672
+msgid ""
+"A comma-separated list of PAM service names for which GPO-based access is "
+"always denied, regardless of any GPO Logon Rights."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ad.5.xml:685
+#, no-wrap
+msgid ""
+"ad_gpo_map_deny = +my_pam_service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:695
+msgid "ad_gpo_default_right (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:698
+msgid ""
+"This option defines how access control is evaluated for PAM service names "
+"that are not explicitly listed in one of the ad_gpo_map_* options. This "
+"option can be set in two different manners. First, this option can be set to "
+"use a default logon right. For example, if this option is set to "
+"'interactive', it means that unmapped PAM service names will be processed "
+"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
+"settings. Alternatively, this option can be set to either always permit or "
+"always deny access for unmapped PAM service names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:711
+msgid "Supported values for this option include:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:715
+msgid "interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:720
+msgid "remote_interactive"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:725
+msgid "network"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:730
+msgid "batch"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:735
+msgid "service"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:740
+msgid "permit"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:745
+msgid "deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:751
+msgid "Default: deny"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
+msgid ""
+"Optional. This option tells SSSD to automatically update the Active "
+"Directory DNS server with the IP address of this client. The update is "
+"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
+"only needs to allow secure updates for the DNS zone. The IP address of the "
+"AD LDAP connection is used for the updates, if it is not otherwise specified "
+"by using the <quote>dyndns_iface</quote> option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:823
+msgid "Default: 3600 (seconds)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:839
+msgid ""
+"Default: Use the IP addresses of the interface which is used for AD LDAP "
+"connection"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
+msgid "Default: True"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
+msgid "krb5_use_enterprise_principal (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
+msgid ""
+"Specifies if the user principal should be treated as enterprise principal. "
+"See section 5 of RFC 6806 for more details about enterprise principals."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:967
+msgid ""
+"The following example assumes that SSSD is correctly configured and example."
+"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
+"This example shows only the AD provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:974
+#, no-wrap
+msgid ""
+"[domain/EXAMPLE]\n"
+"id_provider = ad\n"
+"auth_provider = ad\n"
+"access_provider = ad\n"
+"chpass_provider = ad\n"
+"\n"
+"ad_server = dc1.example.com\n"
+"ad_hostname = client.example.com\n"
+"ad_domain = example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ad.5.xml:994
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_order = expire\n"
+"ldap_account_expire_policy = ad\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:990
+msgid ""
+"The AD access control provider checks if the account is expired. It has the "
+"same effect as the following configuration of the LDAP provider: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1000
+msgid ""
+"However, unless the <quote>ad</quote> access control provider is explicitly "
+"configured, the default access provider is <quote>permit</quote>. Please "
+"note that if you configure an access provider other than <quote>ad</quote>, "
+"you need to set all the connection parameters (such as LDAP URIs and "
+"encryption details) manually."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+msgid "sssd-sudo"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-sudo.5.xml:17
+msgid "Configuring sudo with the SSSD back end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:36
+msgid "Configuring sudo to cooperate with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:38
+msgid ""
+"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
+"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
+"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:47
+msgid ""
+"For example, to configure sudo to first lookup rules in the standard "
+"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> file (which should contain rules that apply to "
+"local users) and then in SSSD, the nsswitch.conf file should contain the "
+"following line:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:57
+#, no-wrap
+msgid "sudoers: files sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:61
+msgid ""
+"More information about configuring the sudoers search order from the "
+"nsswitch.conf file as well as information about the LDAP schema that is used "
+"to store sudo rules in the directory can be found in <citerefentry> "
+"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:70
+msgid ""
+"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
+"sudo rules, you also need to correctly set <citerefentry> "
+"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry> to your NIS domain name (which equals to IPA domain name when "
+"using hostgroups)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:82
+msgid "Configuring SSSD to fetch sudo rules"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:84
+msgid ""
+"All configuration that is needed on SSSD side is to extend the list of "
+"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
+"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
+"option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:94
+msgid ""
+"The following example shows how to configure SSSD to download sudo rules "
+"from an LDAP server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-sudo.5.xml:99
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"config_file_version = 2\n"
+"services = nss, pam, sudo\n"
+"domains = EXAMPLE\n"
+"\n"
+"[domain/EXAMPLE]\n"
+"id_provider = ldap\n"
+"sudo_provider = ldap\n"
+"ldap_uri = ldap://example.com\n"
+"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:112
+msgid ""
+"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
+"is automatically enabled. The sudo search base is configured to use the "
+"compat tree (ou=sudoers,$DC)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-sudo.5.xml:119
+msgid "The SUDO rule caching mechanism"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:121
+msgid ""
+"The biggest challenge, when developing sudo support in SSSD, was to ensure "
+"that running sudo with SSSD as the data source provides the same user "
+"experience and is as fast as sudo but keeps providing the most current set "
+"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
+"of updates. They are referred to as full refresh, smart refresh and rules "
+"refresh."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:129
+msgid ""
+"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
+"new or were modified after the last update. Its primary goal is to keep the "
+"database growing by fetching only small increments that do not generate "
+"large amounts of network traffic."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:135
+msgid ""
+"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
+"in the cache and replaces them with all rules that are stored on the server. "
+"This is used to keep the cache consistent by removing every rule which was "
+"deleted from the server. However, full refresh may produce a lot of traffic "
+"and thus it should be run only occasionally depending on the size and "
+"stability of the sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:143
+msgid ""
+"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
+"more permission than defined. It is triggered each time the user runs sudo. "
+"Rules refresh will find all rules that apply to this user, check their "
+"expiration time and redownload them if expired. In the case that any of "
+"these rules are missing on the server, the SSSD will do an out of band full "
+"refresh because more rules (that apply to other users) may have been deleted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:152
+msgid ""
+"If enabled, SSSD will store only rules that can be applied to this machine. "
+"This means rules that contain one of the following values in "
+"<emphasis>sudoHost</emphasis> attribute:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:159
+msgid "keyword ALL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:164
+msgid "wildcard"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:169
+msgid "netgroup (in the form \"+netgroup\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:174
+msgid "hostname or fully qualified domain name of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:179
+msgid "one of the IP addresses of this machine"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
+#: sssd-sudo.5.xml:184
+msgid "one of the IP addresses of the network (in the form \"address/mask\")"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-sudo.5.xml:190
+msgid ""
+"There are many configuration options that can be used to adjust the "
+"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote "
+"directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:53
+msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:57
+msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:60
+msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:69
+msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:73
+msgid ""
+"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:76
+msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:85
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:89
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:97
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:101
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:107 sss_seed.8.xml:136
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:111
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+msgid ""
+"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
+"conf</filename>. For reference on the config file syntax and options, "
+"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:147
+msgid "Signals"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:150
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:153
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then "
+"shut down the monitor."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:159
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:162
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs "
+"like logrotate."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:170
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:173
+msgid ""
+"Tells the SSSD to simulate offline operation for the duration of the "
+"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:182
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:185
+msgid ""
+"Tells the SSSD to go online immediately. This is useful for testing. The "
+"signal can be sent to either the sssd process or any sssd_be process "
+"directly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:197
+msgid ""
+"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+"applications will not use the fast in memory cache."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password is read from standard input or entered "
+"interactively. The obfuscated password is put into "
+"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
+"<quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:49
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:63
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:67
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
+#: sss_ssh_knownhostsproxy.1.xml:78
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:79
+msgid ""
+"The SSSD domain to use the password in. The default name is <quote>default</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:86
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:91
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:95
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_override.8.xml:10 sss_override.8.xml:15
+msgid "sss_override"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_override.8.xml:16
+msgid "create local overrides of user and group attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_override.8.xml:21
+msgid ""
+"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
+"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:32
+msgid ""
+"<command>sss_override</command> enables to create a client-side view and "
+"allows to change selected values of specific user and groups. This change "
+"takes effect only on local machine."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:37
+msgid ""
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:50
+msgid "AVAILABLE COMMANDS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:52
+msgid ""
+"Argument <emphasis>NAME</emphasis> is the name of original object in all "
+"commands. It is not possible to override <emphasis>uid</emphasis> or "
+"<emphasis>gid</emphasis> to 0."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:59
+msgid ""
+"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
+"optional> <optional><option>-g,--gid</option> GID</optional> "
+"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
+"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:80
+msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
+msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:123
+msgid ""
+"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard passwd file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:131
+msgid ""
+"where original_name is original name of the user whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:140
+msgid "ckent:superman::::::"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:149
+msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:154
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>user-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:162
+msgid ""
+"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
+"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:177
+msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
+msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:220
+msgid ""
+"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
+"similar to standard group file. The format is:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:225
+msgid "original_name:name:gid"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:228
+msgid ""
+"where original_name is original name of the group whose attributes should be "
+"overridden. The rest of fields correspond to new values. You can omit a "
+"value simply by leaving corresponding field empty."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:237
+msgid "admins:administrators:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:240
+msgid "Domain Users:Users:501"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:246
+msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:251
+msgid ""
+"Export all overridden attributes and store them in <emphasis>FILE</"
+"emphasis>. See <emphasis>group-import</emphasis> for data format."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_override.8.xml:261
+#, fuzzy
+#| msgid "OPTIONS"
+msgid "COMMON OPTIONS"
+msgstr "OPÇÕES"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_override.8.xml:263
+msgid "Those options are available with all commands."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:268
+msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43 sss_seed.8.xml:76
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
+msgid ""
+"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
+msgid ""
+"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
+"baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
+msgid ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently <filename>/bin/bash</"
+"filename>. The default can be changed with <quote>user_defaults/"
+"defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in "
+"the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"Special files (block devices, character devices, named pipes and unix "
+"sockets) will not be copied."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:147
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:161
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-krb5.5.xml:17
+msgid "SSSD Kerberos provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> <refentrytitle>sssd</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
+"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
+"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It "
+"must be paired with an identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
+"Please note that an empty .k5login file will deny all access to this user. "
+"To activate this feature, use 'access_provider = krb5' in your SSSD "
+"configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend, "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:77
+msgid ""
+"Specifies the comma-separated list of IP addresses or hostnames of the "
+"Kerberos servers to which SSSD should connect, in the order of preference. "
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
+"colon) may be appended to the addresses or hostnames. If empty, service "
+"discovery is enabled; for more information, refer to the <quote>SERVICE "
+"DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC, alternative "
+"servers can be defined here. An optional port number (preceded by a colon) "
+"may be appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
+"servers to try, the backend is not switched to operate offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. The directory "
+"is created as private and owned by the user, with permissions set to 0700."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:145
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:151
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
+msgid "%u"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
+msgid "login name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
+msgid "%U"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:170
+msgid "login UID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:173
+msgid "%p"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:174
+msgid "principal name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:178
+msgid "%r"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:179
+msgid "realm name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:182
+msgid "%h"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:183 sssd-ifp.5.xml:108
+msgid "home directory"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
+msgid "%d"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:188
+msgid "value of krb5_ccachedir"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:193 include/override_homedir.xml:27
+msgid "%P"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:194
+msgid "the process ID of the SSSD client"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:199 include/override_homedir.xml:45
+msgid "%%"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:200 include/override_homedir.xml:46
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:154
+msgid ""
+"Location of the user's credential cache. Three credential cache types are "
+"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
+"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
+"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
+"implies the <quote>FILE</quote> type. In the template, the following "
+"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
+"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
+"filename in a safe way."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:208
+msgid ""
+"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
+"persistent:%U</quote>, which uses the Linux kernel keyring to store "
+"credentials on a per-UID basis. This is also the recommended choice, as it "
+"is the most secure and predictable method."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:216
+msgid ""
+"The default value for the credential cache name is sourced from the profile "
+"stored in the system wide krb5.conf configuration file in the [libdefaults] "
+"section. The option name is default_ccache_name. See krb5.conf(5)'s "
+"PARAMETER EXPANSION paragraph for additional information on the expansion "
+"format defined by krb5.conf."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:225
+msgid ""
+"NOTE: Please be aware that libkrb5 ccache expansion template from "
+"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:234
+msgid "Default: (from libkrb5)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:240
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:243
+msgid ""
+"Timeout in seconds after an online authentication request or change password "
+"request is aborted. If possible, the authentication request is continued "
+"offline."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed. The keytab is checked for entries sequentially, and the first entry "
+"with a matching realm is used for validation. If no entry matches the realm, "
+"the last entry in the keytab is used. This process can be used to validate "
+"environments using cross-realm trust by placing the appropriate keytab entry "
+"as the last entry or the only entry in the keytab file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:279
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:285
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:288
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider comes online again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:293
+msgid ""
+"NOTE: this feature is only available on Linux. Passwords stored in this way "
+"are kept in plaintext in the kernel keyring and are potentially accessible "
+"by the root user (with difficulty)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:306
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:309
+msgid ""
+"Request a renewable ticket with a total lifetime, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
+msgid "<emphasis>s</emphasis> for seconds"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
+msgid "<emphasis>m</emphasis> for minutes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
+msgid "<emphasis>h</emphasis> for hours"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
+msgid "<emphasis>d</emphasis> for days."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:326 sssd-krb5.5.xml:397
+msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:330 sssd-krb5.5.xml:401
+msgid ""
+"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
+"and a half hours, use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:335
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:341
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:344
+msgid ""
+"Request ticket with a lifetime, given as an integer immediately followed by "
+"a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:360
+msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:364
+msgid ""
+"NOTE: It is not possible to mix units. To set the lifetime to one and a "
+"half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:369
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:376
+msgid "krb5_renew_interval (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:379
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded, given as an integer "
+"immediately followed by a time unit:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:406
+msgid "If this option is not set or is 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:424
+msgid ""
+"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
+"option at all."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:428
+msgid ""
+"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
+"continue the authentication without it."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:438
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:441
+msgid "NOTE: a keytab is required to use FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:453
+msgid "krb5_fast_principal (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:456
+msgid "Specifies the server principal to use for FAST."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:465
+msgid ""
+"Specifies if the host and user principal should be canonicalized. This "
+"feature is available with MIT Kerberos 1.7 and later versions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:514
+msgid "Default: false (AD provider: true)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:520
+msgid "krb5_map_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:523
+msgid ""
+"The list of mappings is given as a comma-separated list of pairs "
+"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
+"name and <quote>primary</quote> is a user part of a kerberos principal. This "
+"mapping is used when user is authenticating using <quote>auth_provider = "
+"krb5</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-krb5.5.xml:535
+#, no-wrap
+msgid ""
+"krb5_realm = REALM\n"
+"krb5_map_user = joe:juser,dick:richard\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:540
+msgid ""
+"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
+"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
+"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
+"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
+"quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in an SSSD domain, the following options "
+"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
+"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:566
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication; it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:574
+#, no-wrap
+msgid ""
+"[domain/FOO]\n"
+"auth_provider = krb5\n"
+"krb5_server = 192.168.1.1\n"
+"krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43 sss_seed.8.xml:88
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy. Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
+"a comma separated list of group names."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the <replaceable>GROUPS</"
+"replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:135
+msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:140
+msgid "Add an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:147
+msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:152
+msgid ""
+"Set an attribute to a name/value pair. The format is attrname=value. For "
+"multi-valued attributes, the command replaces the values already present"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:160
+msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:165
+msgid "Delete an attribute/value pair. The format is attrname=value."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_cache.8.xml:10 sss_cache.8.xml:15
+msgid "sss_cache"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_cache.8.xml:16
+msgid "perform cache cleanup"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_cache.8.xml:21
+msgid ""
+"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_cache.8.xml:31
+msgid ""
+"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
+"records are forced to be reloaded from server as soon as related SSSD "
+"backend is online."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:42
+msgid "<option>-E</option>,<option>--everything</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:46
+msgid "Invalidate all cached entries except for sudo rules."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:52
+msgid ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:57
+msgid "Invalidate specific user."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:63
+msgid "<option>-U</option>,<option>--users</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:67
+msgid ""
+"Invalidate all user records. This option overrides invalidation of specific "
+"user if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:74
+msgid ""
+"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:79
+msgid "Invalidate specific group."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:85
+msgid "<option>-G</option>,<option>--groups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:89
+msgid ""
+"Invalidate all group records. This option overrides invalidation of specific "
+"group if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:96
+msgid ""
+"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:101
+msgid "Invalidate specific netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:107
+msgid "<option>-N</option>,<option>--netgroups</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:111
+msgid ""
+"Invalidate all netgroup records. This option overrides invalidation of "
+"specific netgroup if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:118
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:129
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:133
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:140
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:151
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:155
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:162
+msgid ""
+"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:167
+msgid "Invalidate SSH public keys of a specific host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:173
+msgid "<option>-H</option>,<option>--ssh-hosts</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:177
+msgid ""
+"Invalidate SSH public keys of all hosts. This option overrides invalidation "
+"of SSH public keys of specific host if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:185
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
+msgid "Restrict invalidation process only to a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
+msgid "sss_debuglevel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_debuglevel.8.xml:16
+msgid "change debug level while SSSD is running"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_debuglevel.8.xml:21
+msgid ""
+"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
+"replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_debuglevel.8.xml:32
+msgid ""
+"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
+"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
+"running."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_debuglevel.8.xml:59
+msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_seed.8.xml:10 sss_seed.8.xml:15
+msgid "sss_seed"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_seed.8.xml:16
+msgid "seed the SSSD cache with a user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_seed.8.xml:21
+msgid ""
+"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
+"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
+"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
+"arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:33
+msgid ""
+"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
+"temporary password. If a user entry is already present in the SSSD cache "
+"then the entry is updated with the temporary password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:46
+msgid ""
+"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:51
+msgid ""
+"Provide the name of the domain in which the user is a member of. The domain "
+"is also used to retrieve user information. The domain must be configured in "
+"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
+"Information retrieved from the domain overrides what is provided in the "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:63
+msgid ""
+"<option>-n</option>,<option>--username</option> <replaceable>USER</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:68
+msgid ""
+"The username of the entry to be created or modified in the cache. The "
+"<replaceable>USER</replaceable> option must be provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:81
+msgid "Set the UID of the user to <replaceable>UID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:93
+msgid "Set the GID of the user to <replaceable>GID</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:117
+msgid ""
+"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:129
+msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:140
+msgid ""
+"Interactive mode for entering user information. This option will only prompt "
+"for information not provided in the options or retrieved from the domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_seed.8.xml:148
+msgid ""
+"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_seed.8.xml:153
+msgid ""
+"Specify file to read user's password from. (if not specified password is "
+"prompted for)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_seed.8.xml:165
+msgid ""
+"The length of the password (or the size of file specified with -p or --"
+"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
+"on systems with no globally-defined PASS_MAX value)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ifp.5.xml:10 sssd-ifp.5.xml:16
+msgid "sssd-ifp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-ifp.5.xml:17
+msgid "SSSD InfoPipe responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:23
+msgid ""
+"This manual page describes the configuration of the InfoPipe responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:36
+msgid ""
+"The InfoPipe responder provides a public D-Bus interface accessible over the "
+"system bus. The interface allows the user to query information about remote "
+"users and groups over the system bus."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ifp.5.xml:46
+msgid "These options can be used to configure the InfoPipe responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:53
+msgid ""
+"Specifies the comma-separated list of UID values or user names that are "
+"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
+"startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:59
+msgid ""
+"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:63
+msgid ""
+"Please note that although the UID 0 is used as the default it will be "
+"overwritten with this option. If you still want to allow the root user to "
+"access the InfoPipe responder, which would be the typical case, you have to "
+"add 0 to the list of allowed UIDs as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:77
+msgid "Specifies the comma-separated list of white or blacklisted attributes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:91
+msgid "name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:92
+msgid "user's login name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:95
+msgid "uidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:96
+msgid "user ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:99
+msgid "gidNumber"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:100
+msgid "primary group ID"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:103
+msgid "gecos"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:104
+msgid "user information, typically full name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:107
+msgid "homeDirectory"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-ifp.5.xml:111
+msgid "loginShell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:112
+msgid "user shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:81
+msgid ""
+"By default, the InfoPipe responder only allows the default set of POSIX "
+"attributes to be requested. This set is the same as returned by "
+"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
+"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-ifp.5.xml:125
+#, no-wrap
+msgid ""
+"user_attributes = +telephoneNumber, -loginShell\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:117
+msgid ""
+"It is possible to add another attribute to this set by using <quote>"
+"+attr_name</quote> or explicitly remove an attribute using <quote>-"
+"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
+"deny <quote>loginShell</quote>, you would use the following configuration: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:129
+msgid "Default: not set. Only the default set of POSIX attributes is allowed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:139
+msgid ""
+"Specifies an upper limit on the number of entries that are downloaded during "
+"a wildcard lookup that overrides caller-supplied limit."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ifp.5.xml:144
+msgid "Default: 0 (let the caller set an upper limit)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refentryinfo>
+#: sss_rpcidmapd.5.xml:8
+msgid ""
+"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
+"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
+"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
+"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
+"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
+"author>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
+msgid "sss_rpcidmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_rpcidmapd.5.xml:33
+msgid "sss plugin configuration directives for rpc.idmapd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:37
+msgid "CONFIGURATION FILE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:39
+msgid ""
+"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
+"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:49
+msgid "SSS CONFIGURATION EXTENSION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:51
+msgid "Enable SSS plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:53
+msgid ""
+"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
+"attribute to contain <emphasis>sss</emphasis>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sss_rpcidmapd.5.xml:59
+msgid "[sss] config section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sss_rpcidmapd.5.xml:61
+msgid ""
+"In order to change the default of one of the configuration attributes of the "
+"<emphasis>sss</emphasis> plugin listed below you will need to create a "
+"config section for it, named <quote>[sss]</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sss_rpcidmapd.5.xml:67
+msgid "Configuration attributes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sss_rpcidmapd.5.xml:69
+msgid "memcache (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sss_rpcidmapd.5.xml:72
+msgid "Indicates whether or not to use memcache optimisation technique."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_rpcidmapd.5.xml:85
+msgid "SSSD INTEGRATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:87
+msgid ""
+"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
+"in sssd."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:91
+msgid ""
+"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
+"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
+"wire)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_rpcidmapd.5.xml:103
+#, no-wrap
+msgid ""
+"[General]\n"
+"Verbosity = 2\n"
+"# domain must be synced between NFSv4 server and clients\n"
+"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
+"Domain = default\n"
+"\n"
+"[Mapping]\n"
+"Nobody-User = nfsnobody\n"
+"Nobody-Group = nfsnobody\n"
+"\n"
+"[Translation]\n"
+"Method = sss\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:100
+msgid ""
+"The following example shows a minimal idmapd.conf which makes use of the sss "
+"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: sss_rpcidmapd.5.xml:120 include/seealso.xml:2
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_rpcidmapd.5.xml:122
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
+msgid "sss_ssh_authorizedkeys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
+msgid "1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_authorizedkeys.1.xml:16
+msgid "get OpenSSH authorized keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_authorizedkeys.1.xml:21
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>USER</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:32
+msgid ""
+"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
+"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
+"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> for more information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:41
+msgid ""
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
+"command> for public key user authentication if it is compiled with support "
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_authorizedkeys.1.xml:59
+#, no-wrap
+msgid ""
+" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
+" AuthorizedKeysCommandUser nobody\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:52
+msgid ""
+"If <quote>AuthorizedKeysCommand</quote> is supported, "
+"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
+"citerefentry> can be configured to use it by putting the following "
+"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
+"\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_authorizedkeys.1.xml:75
+msgid ""
+"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
+msgid "EXIT STATUS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
+msgid ""
+"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
+msgid "sss_ssh_knownhostsproxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_ssh_knownhostsproxy.1.xml:16
+msgid "get OpenSSH host keys"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_ssh_knownhostsproxy.1.xml:21
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
+"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:33
+msgid ""
+"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
+"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
+"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
+"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
+"pubconf/known_hosts</filename> and estabilishes connection to the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:43
+msgid ""
+"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
+"create the connection to the host instead of opening a socket."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sss_ssh_knownhostsproxy.1.xml:55
+#, no-wrap
+msgid ""
+"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
+"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_ssh_knownhostsproxy.1.xml:48
+msgid ""
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
+"command> for host key authentication by using the following directives for "
+"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
+"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_ssh_knownhostsproxy.1.xml:66
+msgid ""
+"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:71
+msgid ""
+"Use port <replaceable>PORT</replaceable> to connect to the host. By "
+"default, port 22 is used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_ssh_knownhostsproxy.1.xml:83
+msgid ""
+"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query. This feature is "
+"not supported for backup servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different "
+"server if the current server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces "
+"is allowed around the comma. The servers are listed in order of preference. "
+"The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:16
+msgid ""
+"For each failover-enabled config option, two variants exist: "
+"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
+"that servers in the primary list are preferred and backup servers are only "
+"searched if no primary servers can be reached. If a backup server is "
+"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
+"periodically try to reconnect to one of the primary servers. If it succeeds, "
+"it will replace the current active (backup) server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:27
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:29
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:42
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30 "
+"seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:47
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:16
+msgid ""
+"Please note that changing the ID mapping related configuration options will "
+"cause user and group IDs to change. At the moment, SSSD does not support "
+"changing IDs, so the SSSD database must be removed. Because cached passwords "
+"are also stored in the database, removing the database should only be "
+"performed while the authentication servers are reachable, otherwise users "
+"might get locked out. In order to cache the password, an authentication must "
+"be performed. It is not sufficient to use <citerefentry> "
+"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry> to remove the database, rather the process consists of:"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:33
+msgid "Making sure the remote servers are reachable"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:38
+msgid "Stopping the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:43
+msgid "Removing the database"
+msgstr ""
+
+#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:48
+msgid "Starting the SSSD service"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:52
+msgid ""
+"Moreover, as the change of IDs might necessitate the adjustment of other "
+"system properties such as file and directory ownership, it's advisable to "
+"plan ahead and test the ID mapping configuration thoroughly."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:59
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:61
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:67
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:73
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:80
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:86
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:101
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:106
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:111
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:117
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:120
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:123
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:127
+msgid ""
+"NOTE: This option is different from <quote>min_id</quote> in that "
+"<quote>min_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>min_id</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:142
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:145
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:149
+msgid ""
+"NOTE: This option is different from <quote>max_id</quote> in that "
+"<quote>max_id</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>max_id</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:159
+msgid "Default: 2000200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:164
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:167
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:173
+msgid ""
+"NOTE: The value of this option must be at least as large as the highest user "
+"RID planned for use on the Active Directory server. User lookups and login "
+"will fail for any user whose RID is greater than this value."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:179
+msgid ""
+"For example, if your most recently-added Active Directory user has "
+"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:186
+msgid ""
+"It is important to plan ahead for future expansion, as changing this value "
+"will result in changing all of the ID mappings on the system, leading to "
+"users with different local IDs than they previously had."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:196
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:199
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:210
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:213
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:221
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:224
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:229
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:234
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:273
+msgid "Well-Known SIDs"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:275
+msgid ""
+"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
+"special hardcoded meaning. Since the generic users and groups related to "
+"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
+"POSIX IDs are available for those objects."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:281
+msgid ""
+"The SID name space is organized in authorities which can be seen as "
+"different domains. The authorities for the Well-Known SIDs are"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:284
+msgid "Null Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:285
+msgid "World Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:286
+msgid "Local Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:287
+msgid "Creator Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:288
+msgid "NT Authority"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
+#: include/ldap_id_mapping.xml:289
+msgid "Built-in"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:291
+msgid ""
+"The capitalized version of these names are used as domain names when "
+"returning the fully qualified name of a Well-Known SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:295
+msgid ""
+"Since some utilities allow to modify SID based access control information "
+"with the help of a name instead of using the SID directly SSSD supports to "
+"look up the SID by the name as well. To avoid collisions only the fully "
+"qualified names can be used to look up Well-Known SIDs. As a result the "
+"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
+"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
+"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
+"names in <filename>sssd.conf</filename>."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-?</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7 include/param_help_py.xml:7
+msgid "Display help message and exit."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help_py.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:3
+msgid ""
+"SSSD supports two representations for specifying the debug level. The "
+"simplest is to specify a decimal value from 0-9, which represents enabling "
+"that level and all lower-level debug messages. The more comprehensive option "
+"is to specify a hexadecimal bitmask to enable or disable specific levels "
+"(such as if you wish to suppress a level)."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:10
+msgid ""
+"Please note that each SSSD service logs into its own log file. Also please "
+"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
+"section only enables debugging just for the sssd process itself, not for the "
+"responder or provider processes. The <quote>debug_level</quote> parameter "
+"should be added to all sections that you wish to produce debug logs from."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:18
+msgid ""
+"In addition to changing the log level in the config file using the "
+"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
+"restart, it is also possible to change the debug level on the fly using the "
+"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry> tool."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:29
+msgid "Currently supported debug levels:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:32
+msgid ""
+"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
+"Anything that would prevent SSSD from starting up or causes it to cease "
+"running."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:38
+msgid ""
+"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
+"error that doesn't kill the SSSD, but one that indicates that at least one "
+"major feature is not going to work properly."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:45
+msgid ""
+"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
+"error announcing that a particular request or operation has failed."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:50
+msgid ""
+"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
+"are the errors that would percolate down to cause the operation failure of 2."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:55
+msgid ""
+"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:59
+msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:63
+msgid ""
+"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
+"operation functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:67
+msgid ""
+"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
+"internal control functions."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:72
+msgid ""
+"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
+"internal variables that may be interesting."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:77
+msgid ""
+"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
+"tracing information."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:81
+msgid ""
+"To log required bitmask debug levels, simply add their numbers together as "
+"shown in following examples:"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:85
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
+"serious failures and function data use 0x0270."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:89
+msgid ""
+"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
+"function data, trace messages for internal control functions use 0x1310."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:94
+msgid ""
+"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
+"in 1.7.0."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/debug_levels.xml:98
+msgid "<emphasis>Default</emphasis>: 0"
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/experimental.xml:1
+msgid ""
+"<emphasis> This is an experimental feature, please use http://fedorahosted."
+"org/sssd to report any issues. </emphasis>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/seealso.xml:4
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
+"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
+"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
+"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
+"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
+"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
+"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:3
+msgid ""
+"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
+"for this attribute type."
+msgstr ""
+
+#. type: Content of: <listitem><para><programlisting>
+#: include/ldap_search_bases.xml:9
+#, no-wrap
+msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:7
+msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:13
+msgid ""
+"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
+"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
+"rfc4511"
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:23
+msgid ""
+"For examples of this syntax, please refer to the <quote>ldap_search_base</"
+"quote> examples section."
+msgstr ""
+
+#. type: Content of: <listitem><para>
+#: include/ldap_search_bases.xml:31
+msgid ""
+"Please note that specifying scope or filter is not supported for searches "
+"against an Active Directory Server that might yield a large number of "
+"results and trigger the Range Retrieval extension in the response."
+msgstr ""
+
+#. type: Content of: <para>
+#: include/autofs_restart.xml:2
+msgid ""
+"Please note that the automounter only reads the master map on startup, so if "
+"any autofs-related changes are made to the sssd.conf, you typically also "
+"need to restart the automounter daemon after restarting the SSSD."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/override_homedir.xml:2
+msgid "override_homedir (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:16
+msgid "UID number"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:20
+msgid "domain name"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:23
+msgid "%f"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:24
+msgid "fully qualified user name (user@domain)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:28
+msgid "UPN - User Principal Name (name@REALM)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:31
+msgid "%o"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:33
+msgid "The original home directory retrieved from the identity provider."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
+#: include/override_homedir.xml:38
+msgid "%H"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: include/override_homedir.xml:40
+msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:5
+msgid ""
+"Override the user's home directory. You can either provide an absolute value "
+"or a template. In the template, the following sequences are substituted: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:52
+msgid "This option can also be set per-domain."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para><programlisting>
+#: include/override_homedir.xml:57
+#, no-wrap
+msgid ""
+"override_homedir = /home/%u\n"
+" "
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/override_homedir.xml:61
+msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/homedir_substring.xml:2
+msgid "homedir_substring (string)"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:5
+msgid ""
+"The value of this option will be used in the expansion of the "
+"<emphasis>override_homedir</emphasis> option if the template contains the "
+"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
+"contain this template so that this option can be used to expand the home "
+"directory path for each client machine (or operating system). It can be set "
+"per-domain or globally in the [nss] section. A value specified in a domain "
+"section will override one set in the [nss] section."
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/homedir_substring.xml:15
+msgid "Default: /home"
+msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index acb1b934a..2354aa72c 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
@@ -19,7 +19,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -62,7 +62,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -81,11 +81,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ОПЦИИ"
@@ -216,113 +216,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "По умолчанию: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "По умолчанию: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "службы"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -331,29 +346,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "попыток_соединения (целое число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "По умолчанию: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "домены"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -363,19 +378,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -383,12 +398,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -396,58 +411,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -456,7 +471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -464,69 +479,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -536,7 +551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -546,20 +561,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -569,7 +584,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -578,12 +593,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -594,12 +694,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -608,22 +708,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -633,17 +733,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -651,19 +751,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -673,12 +773,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -686,117 +786,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "По умолчанию: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -804,7 +852,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -814,7 +862,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -823,17 +871,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -841,60 +889,88 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "По умолчанию: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -902,23 +978,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -926,47 +1002,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -974,103 +1050,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1081,72 +1164,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1154,59 +1237,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "По умолчанию: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "В настоящее время sssd поддерживает следующие значения:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "По умолчанию: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1214,7 +1297,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1223,17 +1306,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1241,117 +1324,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1362,34 +1511,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1397,70 +1546,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: gecos"
msgid "Default: /etc/pki/nssdb"
msgstr "По умолчанию: gecos"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1472,7 +1621,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1483,24 +1632,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1508,12 +1657,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1521,25 +1670,39 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1548,46 +1711,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "По умолчанию: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1599,14 +1762,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1615,39 +1778,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1656,19 +1819,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1679,151 +1842,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1831,24 +1994,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1857,17 +2020,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1876,33 +2039,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1910,8 +2073,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1920,8 +2083,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1929,19 +2092,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1950,7 +2113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1958,22 +2121,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1985,7 +2148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1993,19 +2156,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2013,7 +2176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2021,30 +2184,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2052,19 +2215,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2073,24 +2236,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2098,7 +2274,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2106,35 +2282,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2142,32 +2318,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2178,12 +2354,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2191,7 +2367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2199,31 +2375,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2231,7 +2407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2240,23 +2416,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2264,7 +2440,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2272,24 +2448,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2297,12 +2481,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2312,7 +2496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2321,29 +2505,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2351,7 +2535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2359,66 +2543,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Поддерживаемые значения:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2426,70 +2610,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr "По умолчанию: использовать доменное имя из hostname"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2497,7 +2681,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2505,41 +2689,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2549,34 +2777,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2584,12 +2812,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2597,7 +2825,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2605,49 +2833,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2655,73 +2897,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "По умолчанию: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "По умолчанию: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2729,17 +2971,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "По умолчанию: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2748,17 +2990,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "По умолчанию: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2766,17 +3008,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "По умолчанию: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2784,19 +3026,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИМЕР"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2826,7 +3068,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2872,7 +3114,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
@@ -2972,8 +3214,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3262,14 +3504,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "По умолчанию: modifyTimestamp"
@@ -3664,8 +3906,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3869,19 +4111,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3891,26 +4150,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3918,14 +4178,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3933,7 +4193,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3941,19 +4201,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3961,168 +4215,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4130,7 +4384,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4138,12 +4392,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4151,12 +4405,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4167,12 +4421,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4181,12 +4435,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4195,34 +4449,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4230,14 +4484,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4245,17 +4499,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4265,12 +4519,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4278,17 +4532,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4296,13 +4550,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4311,7 +4565,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4319,26 +4573,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4346,7 +4600,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4354,7 +4608,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4362,41 +4616,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4405,32 +4659,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4438,24 +4692,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4463,17 +4717,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4484,29 +4738,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4515,17 +4769,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4533,49 +4787,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4583,27 +4837,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4615,7 +4869,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4623,7 +4877,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4631,39 +4885,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4673,7 +4927,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4681,26 +4935,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4708,7 +4962,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4716,31 +4970,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4749,56 +5003,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4814,12 +5068,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4828,14 +5082,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4844,24 +5098,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4869,19 +5123,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4890,7 +5144,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4898,7 +5152,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4907,7 +5161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4915,22 +5169,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4940,14 +5194,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4960,12 +5214,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4975,7 +5229,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4985,49 +5239,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5036,74 +5290,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5114,7 +5368,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5122,24 +5376,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5154,12 +5408,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5167,208 +5421,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5376,101 +5630,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5479,110 +5733,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5591,32 +5845,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5625,22 +5879,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5649,7 +5903,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5657,7 +5911,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5670,26 +5924,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5705,13 +5959,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5746,11 +6000,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5758,34 +6013,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5793,31 +6048,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5825,36 +6080,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5862,7 +6117,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5871,25 +6126,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5897,7 +6183,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5909,7 +6195,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6068,7 +6354,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6216,7 +6502,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6224,14 +6510,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6246,12 +6532,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6272,12 +6558,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6301,7 +6587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6311,7 +6597,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6328,12 +6614,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6341,12 +6627,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6365,50 +6651,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6518,7 +6804,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6592,26 +6878,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6630,7 +6916,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6928,13 +7214,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6944,15 +7231,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6960,7 +7247,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6973,7 +7260,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6981,53 +7268,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7035,19 +7334,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7058,12 +7357,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7072,7 +7371,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7081,7 +7380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7090,14 +7389,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7106,7 +7405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7121,29 +7420,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7152,7 +7451,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7161,12 +7460,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7176,14 +7475,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7196,23 +7495,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7220,22 +7519,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7243,12 +7542,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7256,14 +7555,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7271,7 +7570,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7283,53 +7582,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7337,7 +7661,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7345,7 +7669,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7353,7 +7677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7365,17 +7689,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7383,7 +7712,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7391,7 +7720,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7399,7 +7728,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7411,22 +7740,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7434,14 +7763,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7449,7 +7778,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7461,17 +7790,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7479,14 +7808,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7494,7 +7823,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7505,19 +7834,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7525,7 +7854,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7537,34 +7866,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7572,12 +7906,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7590,52 +7924,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "По умолчанию: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7646,36 +8020,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7683,7 +8057,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7698,7 +8072,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7707,7 +8081,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7715,7 +8089,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7724,6 +8098,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8182,7 +8564,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8241,17 +8623,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8259,50 +8646,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8310,29 +8727,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8340,39 +8757,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8380,41 +8826,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "CONFIGURATION OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9556,12 +10002,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10041,13 +10511,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10055,7 +10525,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10065,36 +10535,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10481,7 +10934,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10538,11 +10991,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10550,12 +11004,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10563,36 +11017,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10601,13 +11055,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10616,51 +11091,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index bccbdd58e..3795f678d 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -6,9 +6,9 @@
#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.13.1\n"
+"Project-Id-Version: sssd-docs 1.13.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -46,7 +46,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56 sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30 sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
msgid "DESCRIPTION"
msgstr ""
@@ -58,7 +58,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58 sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -186,104 +186,118 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081 sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806 sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446 sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264 sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207 sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139 sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456 sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410 include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid "Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
@@ -293,29 +307,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -325,19 +339,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -345,12 +359,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -359,58 +373,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -427,69 +441,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at "
"build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -499,7 +513,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log "
@@ -509,17 +523,17 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480 sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576 sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614 sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -529,7 +543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -538,12 +552,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid "This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -554,12 +652,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -568,22 +666,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -593,17 +691,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -611,17 +709,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478 sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289 sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556 sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428 sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the "
"<quote>timeout</quote> option), it is first sent the SIGTERM signal that "
@@ -631,12 +729,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -644,117 +742,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987 sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -762,7 +809,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -772,7 +819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -781,17 +828,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -799,58 +846,84 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set "
-"per-domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid "The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -858,22 +931,22 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533 include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081 sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -881,46 +954,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in "
"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in "
"<quote>/etc/shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -928,56 +1001,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the "
"machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during "
"lookup. This option can be specified globally in the [nss] section or "
@@ -985,48 +1058,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1038,72 +1118,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1111,59 +1191,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1171,7 +1251,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -1181,17 +1261,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1199,7 +1279,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be "
@@ -1207,109 +1287,172 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting "
"<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid "all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087 sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> "
@@ -1321,34 +1464,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1356,68 +1499,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1429,7 +1572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1440,24 +1583,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1465,12 +1608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1478,25 +1621,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -1505,46 +1660,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1556,14 +1711,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1572,39 +1727,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1613,19 +1768,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1636,150 +1791,150 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354 sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394 sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493 sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533 sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the "
"cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1787,24 +1942,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1813,17 +1968,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1832,34 +1987,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1867,7 +2022,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695 sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834 sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1876,7 +2031,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704 sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843 sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1884,19 +2039,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1905,7 +2060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1913,22 +2068,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1940,7 +2095,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1948,19 +2103,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1968,7 +2123,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1976,29 +2131,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2006,19 +2161,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -2027,24 +2182,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
+"Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -2053,7 +2222,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2061,34 +2230,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2096,31 +2265,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915 sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073 sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2131,12 +2300,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2144,7 +2313,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2153,31 +2322,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2186,7 +2355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2195,22 +2364,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid "The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2218,7 +2387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
@@ -2226,24 +2395,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2252,12 +2429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2267,7 +2444,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: "
"<quote>(((?P&lt;domain&gt;[^\\\\]+)\\\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?P&lt;name&gt;[^@\\\\]+)$))</quote> "
@@ -2275,29 +2452,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2305,7 +2482,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2313,66 +2490,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2380,69 +2557,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2450,7 +2627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2458,41 +2635,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2502,32 +2723,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid "Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2535,12 +2756,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2548,7 +2769,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -2557,49 +2778,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2607,73 +2842,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2681,17 +2916,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2700,17 +2935,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2718,17 +2953,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2736,17 +2971,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564 sss_rpcidmapd.5.xml:98
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564 sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2776,7 +3011,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2823,7 +3058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2922,7 +3157,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212 sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3211,14 +3446,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3615,7 +3850,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077 sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3819,19 +4054,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
"will follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3841,26 +4093,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3868,14 +4121,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3883,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink "
@@ -3891,18 +4144,13 @@ msgid ""
"MSDN(TM) documentation</ulink> for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321 sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3910,166 +4158,166 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid "The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4077,7 +4325,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4085,12 +4333,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4098,12 +4346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -4114,12 +4362,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4128,12 +4376,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4142,34 +4390,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4177,7 +4425,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use "
@@ -4185,7 +4433,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4193,17 +4441,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4213,12 +4461,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4226,17 +4474,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4244,12 +4492,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4258,7 +4506,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4266,26 +4514,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4293,7 +4541,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4301,7 +4549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4309,41 +4557,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4352,32 +4600,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4385,24 +4633,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4410,17 +4658,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4431,29 +4679,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4463,17 +4711,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4481,49 +4729,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4531,27 +4779,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -4563,7 +4811,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4571,7 +4819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -4580,39 +4828,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4622,7 +4870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> "
"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
@@ -4631,26 +4879,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -4659,7 +4907,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4667,31 +4915,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4700,56 +4948,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4766,12 +5014,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4780,14 +5028,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4796,24 +5044,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4821,19 +5069,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4842,7 +5090,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -4850,7 +5098,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4859,7 +5107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option "
"<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
@@ -4867,22 +5115,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4892,7 +5140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the "
"<quote>ppolicy</quote> option and might be removed in a future release. "
@@ -4900,7 +5148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4913,12 +5161,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4928,7 +5176,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4938,48 +5186,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid "Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -4988,74 +5236,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5066,7 +5314,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5074,24 +5322,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5106,12 +5354,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5119,208 +5367,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
"</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5328,100 +5576,100 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
"<emphasis>false</emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5430,108 +5678,108 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
msgid "Default: automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
@@ -5541,32 +5789,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5575,22 +5823,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5599,7 +5847,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5607,7 +5855,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5620,24 +5868,24 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139 sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5653,12 +5901,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5694,11 +5942,12 @@ msgid ""
"<replaceable>retry=N</replaceable> </arg> <arg choice='opt'> "
"<replaceable>ignore_unknown_user</replaceable> </arg> <arg choice='opt'> "
"<replaceable>ignore_authinfo_unavail</replaceable> </arg> <arg choice='opt'> "
-"<replaceable>domains=X</replaceable> </arg>"
+"<replaceable>domains=X</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5706,34 +5955,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5742,31 +5991,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5774,36 +6023,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5811,7 +6060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5820,25 +6069,56 @@ msgid ""
"these two PAM responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be "
@@ -5847,7 +6127,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file "
"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
@@ -5860,7 +6140,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory "
"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
@@ -6019,7 +6299,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
@@ -6170,7 +6450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6178,14 +6458,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the "
"<quote>dyndns_iface</quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6200,12 +6480,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6226,12 +6506,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6255,7 +6535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6265,7 +6545,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6283,12 +6563,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6296,12 +6576,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6320,50 +6600,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6472,7 +6752,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6546,26 +6826,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6583,7 +6863,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6882,13 +7162,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always "
+"auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -6899,15 +7180,16 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs "
+"provider. No configuration of the access provider is required on the client "
+"side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6915,7 +7197,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6928,7 +7210,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as "
"case-insensitive in the AD provider for compatibility with Active "
@@ -6936,53 +7218,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -6990,19 +7284,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7013,12 +7307,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the "
@@ -7027,7 +7321,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or "
"forest. This extended filter would consist of: "
@@ -7036,7 +7330,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then "
"<quote>NAME</quote> specifies the domain or subdomain the filter applies "
@@ -7045,14 +7339,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the "
@@ -7061,7 +7355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7076,29 +7370,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7107,7 +7401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7116,12 +7410,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7131,14 +7425,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7151,22 +7445,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid "disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7174,22 +7468,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7197,12 +7491,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7210,14 +7504,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7225,7 +7519,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7237,52 +7531,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537 sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575 sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7290,7 +7609,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7298,7 +7617,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7306,7 +7625,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7318,17 +7637,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7336,7 +7660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7344,7 +7668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7352,7 +7676,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7364,22 +7688,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7387,14 +7711,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7402,7 +7726,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7414,17 +7738,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7432,14 +7756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7447,7 +7771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using "
"<quote>+service_name</quote>. Since the default set is empty, it is not "
@@ -7458,19 +7782,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7478,7 +7802,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7490,34 +7814,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7525,12 +7854,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7543,52 +7872,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+msgid "Default: 30 days"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal "
+"task. The option expect 2 integers seperated by a colon (':'). The first "
+"integer defines the interval in seconds how often the task is run. The "
+"second specifies the inital timeout in seconds before the task is run for "
+"the first time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7599,29 +7966,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise "
"principal. See section 5 of RFC 6806 for more details about enterprise "
@@ -7629,7 +7996,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -7637,7 +8004,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7652,7 +8019,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7661,7 +8028,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7669,7 +8036,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7678,6 +8045,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8138,7 +8513,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 sss_ssh_knownhostsproxy.1.xml:78
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70 sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>DOMAIN</replaceable>"
@@ -8195,17 +8570,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8213,7 +8593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> "
"<optional><option>-n,--name</option> NAME</optional> "
@@ -8221,43 +8601,74 @@ msgid ""
"<optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> "
"<optional><option>-s,--shell</option> SHELL</optional> "
-"<optional><option>-c,--gecos</option> GECOS</optional>"
+"<optional><option>-c,--gecos</option> GECOS</optional> "
+"<optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> "
+"DOMAIN</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8265,22 +8676,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in "
"<emphasis>FILE</emphasis>. See <emphasis>user-import</emphasis> for data "
@@ -8288,7 +8699,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> "
"<optional><option>-n,--name</option> NAME</optional> "
@@ -8296,39 +8707,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> "
+"DOMAIN</optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8336,22 +8776,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in "
"<emphasis>FILE</emphasis>. See <emphasis>group-import</emphasis> for data "
@@ -8359,17 +8799,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
msgid "COMMON OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9512,12 +9952,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> "
+"<replaceable>rule</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>domain</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -9998,14 +10462,15 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> can be configured to use "
"<command>sss_ssh_authorizedkeys</command> for public key user authentication "
-"if it is compiled with support for either "
-"<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
-"<citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"if it is compiled with support for <quote>AuthorizedKeysCommand</quote> "
+"option. Please refer to the <citerefentry> "
+"<refentrytitle>sshd_config</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> man page for more details about this "
+"option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10013,7 +10478,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> "
@@ -10024,37 +10489,20 @@ msgid ""
"type=\"programlisting\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry> can be configured to use it by using "
-"the following directive for <citerefentry> "
-"<refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> "
-"configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain "
"<replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is "
"returned."
@@ -10444,7 +10892,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10502,11 +10950,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10514,12 +10963,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10527,36 +10976,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10565,13 +11014,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10580,51 +11050,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index f9ab8df87..006cc6b40 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -60,7 +60,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -79,11 +79,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ИМКОНОТҲО"
@@ -214,113 +214,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Пешфарз: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Пешфарз: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Пешфарз: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -329,29 +344,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Пешфарз: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -361,19 +376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -381,12 +396,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -394,58 +409,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -454,7 +469,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -462,69 +477,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -534,7 +549,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -544,20 +559,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -567,7 +582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -576,12 +591,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -592,12 +692,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -606,22 +706,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -631,17 +731,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -649,19 +749,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -671,12 +771,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -684,117 +784,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Пешфарз: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -802,7 +850,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -812,7 +860,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -821,17 +869,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Пешфарз: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -839,60 +887,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Пешфарз: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Пешфарз: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -900,23 +974,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -924,47 +998,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -972,103 +1046,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Пешфарз: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1079,72 +1160,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1152,59 +1233,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Пешфарз: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Пешфарз: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1212,7 +1293,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1221,17 +1302,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1239,117 +1320,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Пешфарз: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
+msgid ""
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1064
+#, no-wrap
+msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1083
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_locked_message = Account locked, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1360,34 +1507,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1395,70 +1542,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /bin/sh"
msgid "Default: /etc/pki/nssdb"
msgstr "Пешфарз: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1470,7 +1617,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1481,24 +1628,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1506,12 +1653,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1519,25 +1666,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1546,46 +1705,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Пешфарз: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1597,14 +1756,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1613,39 +1772,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1654,19 +1813,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1677,151 +1836,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Пешфарз: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1829,24 +1988,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1855,17 +2014,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Пешфарз: 0 (номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1874,33 +2033,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1908,8 +2067,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1918,8 +2077,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1927,19 +2086,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1948,7 +2107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1956,22 +2115,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1983,7 +2142,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1991,19 +2150,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2011,7 +2170,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2019,30 +2178,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2050,19 +2209,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2071,24 +2230,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2096,7 +2268,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2104,35 +2276,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2140,32 +2312,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2176,12 +2348,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2189,7 +2361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2197,31 +2369,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2229,7 +2401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2238,23 +2410,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2262,7 +2434,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2270,24 +2442,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2295,12 +2475,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2310,7 +2490,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2319,29 +2499,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2349,7 +2529,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2357,66 +2537,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2424,70 +2604,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Пешфарз: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2495,7 +2675,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2503,41 +2683,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2547,34 +2771,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2582,12 +2806,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2595,7 +2819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2603,49 +2827,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2653,73 +2891,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Пешфарз: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2727,17 +2965,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2746,17 +2984,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2764,17 +3002,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2782,19 +3020,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "НАМУНА"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2824,7 +3062,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2870,7 +3108,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2970,8 +3208,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Намунаҳо:"
@@ -3260,14 +3498,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3662,8 +3900,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3867,19 +4105,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3889,26 +4144,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Пешфарз: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3916,14 +4172,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3931,7 +4187,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3939,19 +4195,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3959,168 +4209,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4128,7 +4378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4136,12 +4386,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4149,12 +4399,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4165,12 +4415,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4179,12 +4429,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4193,34 +4443,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4228,14 +4478,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4243,17 +4493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4263,12 +4513,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4276,17 +4526,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4294,13 +4544,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4309,7 +4559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4317,26 +4567,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4344,7 +4594,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4352,7 +4602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4360,41 +4610,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4403,32 +4653,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4436,24 +4686,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4461,17 +4711,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4482,29 +4732,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4513,17 +4763,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4531,49 +4781,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Пешфарз: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4581,27 +4831,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4613,7 +4863,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4621,7 +4871,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4629,39 +4879,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4671,7 +4921,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4679,26 +4929,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4706,7 +4956,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4714,31 +4964,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4747,56 +4997,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4812,12 +5062,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Намуна:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4826,14 +5076,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4842,24 +5092,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4867,19 +5117,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4888,7 +5138,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4896,7 +5146,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4905,7 +5155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4913,22 +5163,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4938,14 +5188,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4958,12 +5208,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4973,7 +5223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4983,49 +5233,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5034,74 +5284,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5112,7 +5362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5120,24 +5370,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5152,12 +5402,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5165,208 +5415,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5374,101 +5624,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5477,110 +5727,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: root"
msgid "Default: automount"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5589,32 +5839,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5623,22 +5873,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5647,7 +5897,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5655,7 +5905,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5668,26 +5918,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5703,13 +5953,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЭЗОҲҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5744,11 +5994,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5756,34 +6007,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5791,31 +6042,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5823,36 +6074,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5860,7 +6111,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5869,25 +6120,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ФАЙЛҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5895,7 +6177,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5907,7 +6189,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6066,7 +6348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6214,7 +6496,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6222,14 +6504,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6244,12 +6526,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6270,12 +6552,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6299,7 +6581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6309,7 +6591,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6326,12 +6608,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6339,12 +6621,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6363,50 +6645,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6516,7 +6798,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6590,26 +6872,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6628,7 +6910,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6926,13 +7208,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6942,15 +7225,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6958,7 +7241,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6971,7 +7254,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6979,53 +7262,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7033,19 +7328,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7056,12 +7351,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7070,7 +7365,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7079,7 +7374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7088,14 +7383,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7104,7 +7399,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7119,29 +7414,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7150,7 +7445,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7159,12 +7454,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7174,14 +7469,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7194,23 +7489,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7218,22 +7513,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7241,12 +7536,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7254,14 +7549,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7269,7 +7564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7281,53 +7576,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7335,7 +7655,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7343,7 +7663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7351,7 +7671,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7363,17 +7683,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7381,7 +7706,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7389,7 +7714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7397,7 +7722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7409,22 +7734,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7432,14 +7757,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7447,7 +7772,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7459,17 +7784,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7477,14 +7802,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7492,7 +7817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7503,19 +7828,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7523,7 +7848,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7535,34 +7860,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7570,12 +7900,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7588,52 +7918,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "Пешфарз: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7644,36 +8014,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7681,7 +8051,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7696,7 +8066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7705,7 +8075,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7713,7 +8083,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7722,6 +8092,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8180,7 +8558,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8239,17 +8617,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8257,50 +8640,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8308,29 +8721,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8338,39 +8751,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8378,41 +8820,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ИМКОНОТҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
msgstr ""
@@ -9554,12 +9996,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10039,13 +10505,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10053,7 +10519,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10063,36 +10529,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10479,7 +10928,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10536,11 +10985,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10548,12 +10998,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10561,36 +11011,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10599,13 +11049,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10614,51 +11085,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 7516ead33..6ec905452 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -11,7 +11,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2015-06-26 04:33-0400\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
@@ -22,7 +22,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -68,7 +68,7 @@ msgstr ""
"arg>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -89,11 +89,11 @@ msgstr ""
"внесених за допомогою командного рядка."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "ПАРАМЕТРИ"
@@ -253,11 +253,27 @@ msgstr "debug_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
+#, fuzzy
+#| msgid "debug_level (integer)"
+msgid "debug (integer)"
+msgstr "debug_level (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:76
+msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:76
+#: sssd.conf.5.xml:89
msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
@@ -267,21 +283,21 @@ msgstr ""
"проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr "Типове значення: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
@@ -291,31 +307,31 @@ msgstr ""
"journald, цей параметр буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr "Типове значення: false"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr "Параметри які можна використовувати у розділах SERVICE та DOMAIN"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr "timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
@@ -323,33 +339,34 @@ msgstr ""
"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
"перевірки працездатності процесу та його змоги відповідати на запити."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr "Типове значення: 10"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr "ОСОБЛИВІ РОЗДІЛИ"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr "Розділ [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr "Параметри розділу"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr "config_file_version (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
@@ -358,12 +375,12 @@ msgstr ""
"0.6.0 та пізніших слід використовувати версію 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "services"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
@@ -371,7 +388,7 @@ msgstr ""
"запуску sssd."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -384,12 +401,12 @@ msgstr ""
"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -399,17 +416,17 @@ msgstr ""
"визнання подальших спроб безнадійними."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "Типове значення: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -425,12 +442,12 @@ msgstr ""
"ASCII, дефісів, крапок та знаків підкреслювання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr "re_expression (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
@@ -439,7 +456,7 @@ msgstr ""
"користувача і доменом на його частини."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -451,12 +468,12 @@ msgstr ""
"ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr "full_name_format (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -468,32 +485,32 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr "%1$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr "ім’я користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr "%2$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr "%3$s"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
@@ -502,7 +519,7 @@ msgstr ""
"Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -511,7 +528,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
@@ -520,12 +537,12 @@ msgstr ""
"про ці рядки можна дізнатися з довідки до РОЗДІЛІВ ДОМЕНІВ."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr "try_inotify (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -538,7 +555,7 @@ msgstr ""
"виконуватиметься опитування resolv.conf кожні п’ять секунд."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -548,7 +565,7 @@ msgstr ""
"рідкісних випадках слід встановити для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -557,7 +574,7 @@ msgstr ""
"інших платформах."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -567,12 +584,12 @@ msgstr ""
"опитування файла."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -581,7 +598,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -591,7 +608,7 @@ msgstr ""
"для кешу відтворення."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -600,12 +617,12 @@ msgstr ""
"(__LIBKRB5_DEFAULTS__, якщо не вказано)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr "user (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
@@ -614,17 +631,17 @@ msgstr ""
"щоб уникнути роботи від імені користувача root."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr "Типове значення: не встановлено, процес буде запущено від імені root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -640,7 +657,7 @@ msgstr ""
"лише імені користувача без додавання до нього назви домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -656,20 +673,20 @@ msgstr ""
"use_fully_qualified_names рівним False."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr "Типове значення: not set"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr "override_space (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -684,7 +701,7 @@ msgstr ""
"через типовий роздільник полів у оболонці."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -697,12 +714,112 @@ msgstr ""
"але, загалом, результат пошуку буде невизначеним."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr "Типове значення: не встановлено (пробіли не замінятимуться)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+#, fuzzy
+#| msgid "ldap_user_certificate (string)"
+msgid "certificate_verification (string)"
+msgstr "ldap_user_certificate (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+#, fuzzy
+#| msgid "These options can be used to configure the InfoPipe responder."
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+"Цими параметрами можна скористатися для налаштовування відповідача InfoPipe."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+#, fuzzy
+#| msgid ""
+#| "Treat user and group names as case sensitive. At the moment, this option "
+#| "is not supported in the local provider. Possible option values are: "
+#| "<placeholder type=\"variablelist\" id=\"0\"/>"
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+"Враховувати регістр записів імен користувачів та назв груп. У поточній "
+"версії підтримку передбачено лише для локальних надавачів даних. Можливі "
+"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+#, fuzzy
+#| msgid "Default: not set, i.e. service discovery is disabled"
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -718,12 +835,12 @@ msgstr ""
"профілів. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "РОЗДІЛИ СЛУЖБ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -736,22 +853,22 @@ msgstr ""
"у розділі <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "Загальні параметри налаштування служб"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr "fd_limit"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -767,17 +884,17 @@ msgstr ""
"цього параметра і обмеженням \"hard\" у limits.conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -789,19 +906,19 @@ msgstr ""
"вичерпання ресурсів системи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr "Типове значення: 60"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr "force_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -817,12 +934,12 @@ msgstr ""
"сигналу SIGKILL."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr "offline_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -834,12 +951,12 @@ msgstr ""
"значення вказується у секундах і обчислюється за такою формулою:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr "час_очікування_для_переходу_у_автономний_режим + випадковий_зсув"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
@@ -849,12 +966,12 @@ msgstr ""
"таким чином:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr "новий_інтервал = старий_інтервал*2 + випадковий_зсув"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
@@ -864,71 +981,13 @@ msgstr ""
"обмежено однією годиною. Якщо обчислена тривалість нового інтервалу "
"перевищує годину, буде встановлено інтервал у одну годину."
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr "subdomain_inherit (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-"Визначає список параметрів налаштування, які слід успадковувати для "
-"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані "
-"параметри. У поточній версії передбачено можливість успадковування таких "
-"параметрів:"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr "ignore_group_members"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr "ldap_purge_cache_timeout"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr "ldap_use_tokengroups"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr "ldap_user_principal"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr "Типове значення: none"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr "Параметри налаштування NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -936,12 +995,12 @@ msgstr ""
"Switch (NSS або перемикання служби визначення назв)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -950,17 +1009,17 @@ msgstr ""
"кеші nss_sss у секундах"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr "Типове значення: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -971,7 +1030,7 @@ msgstr ""
"entry_cache_timeout для домену період часу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -986,7 +1045,7 @@ msgstr ""
"розблокування після оновлення кешу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -1000,17 +1059,17 @@ msgstr ""
"можливість."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr "Типове значення: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -1021,22 +1080,55 @@ msgstr ""
"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr "Типове значення: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+#, fuzzy
+#| msgid "autofs_negative_timeout (integer)"
+msgid "local_negative_timeout (integer)"
+msgstr "autofs_negative_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+#, fuzzy
+#| msgid ""
+#| "Specifies for how many seconds nss_sss should cache negative cache hits "
+#| "(that is, queries for invalid database entries, like nonexistent ones) "
+#| "before asking the back end again."
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні "
+"результати пошуку у кеші (тобто запити щодо некоректних записів у базі "
+"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Типове значення: 0"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
+#, fuzzy
+#| msgid ""
+#| "Exclude certain users from being fetched from the sss NSS database. This "
+#| "is particularly useful for system accounts. This option can also be set "
+#| "per-domain or include fully-qualified names to filter only users from the "
+#| "particular domain."
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
"Виключити певних користувачів зі списку отримання даних з бази даних NSS "
"sss. Таке виключення може бути корисним для облікових записів керування "
@@ -1045,17 +1137,26 @@ msgstr ""
"списку користувачами лише з певного домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr "Типове значення: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -1063,12 +1164,12 @@ msgstr ""
"встановіть для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
@@ -1077,7 +1178,7 @@ msgstr ""
"каталог не вказано явним чином засобом надання даних домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
@@ -1085,7 +1186,7 @@ msgstr ""
"для параметра override_homedir."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1095,25 +1196,25 @@ msgstr ""
" "
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
"Типове значення: не встановлено (без замін для невстановлених домашніх "
"каталогів)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr "override_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1125,19 +1226,19 @@ msgstr ""
"або для кожного з доменів окремо."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
"Типове значення: не встановлено (SSSD використовуватиме значення, отримане "
"від LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr "allowed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -1145,13 +1246,13 @@ msgstr ""
"визначення оболонки є таким:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -1161,7 +1262,7 @@ msgstr ""
"shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -1170,14 +1271,14 @@ msgstr ""
"<quote>/etc/shells</quote>, буде використано оболонку nologin."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
"Для визначення будь-якої командної оболонки можна скористатися шаблоном "
"заміни (*)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1189,12 +1290,12 @@ msgstr ""
"справою."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr "Порожній рядок оболонки буде передано без обробки до libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -1203,29 +1304,29 @@ msgstr ""
"тобто у разі встановлення нової оболонки слід перезапустити SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Типове значення: не встановлено. Автоматично використовується оболонка "
"користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Замінити всі записи цих оболонок на shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr "shell_fallback (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -1233,17 +1334,17 @@ msgstr ""
"системі не встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr "Типове значення: /bin/sh"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr "default_shell"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
@@ -1253,7 +1354,7 @@ msgstr ""
"або на загальному рівні у розділі [nss], або окремо для кожного з доменів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
@@ -1263,12 +1364,12 @@ msgstr ""
"зазвичай /bin/sh)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
@@ -1277,31 +1378,48 @@ msgstr ""
"чинним."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
+#, fuzzy
+#| msgid ""
+#| "Specifies time in seconds for which records in the in-memory cache will "
+#| "be valid"
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
"Визначає час у секундах, протягом якого список піддоменів вважатиметься "
"чинним."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr "Типове значення: 300"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+#, fuzzy
+#| msgid ""
+#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
+#| "applications will not use the fast in memory cache."
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+"Якщо для змінної середовища SSS_NSS_USE_MEMCACHE встановлено значення «NO», "
+"клієнтські програми не використовуватимуть fast у кеші у пам’яті."
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr "user_attributes (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
#, fuzzy
#| msgid ""
#| "Some of the additional NSS responder requests can return more attributes "
@@ -1326,7 +1444,7 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
@@ -1335,19 +1453,19 @@ msgstr ""
"на те, чи не встановлено його для відповідача NSS."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
"Типове значення: не встановлено, резервне значення визначається за "
"параметром InfoPipe"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -1356,12 +1474,12 @@ msgstr ""
"Authentication Module (PAM або блокового модуля розпізнавання)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -1371,17 +1489,17 @@ msgstr ""
"входу до системи)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -1390,12 +1508,12 @@ msgstr ""
"дозволену кількість спроб входу з визначенням помилкового пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -1405,7 +1523,7 @@ msgstr ""
"системи."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1417,17 +1535,17 @@ msgstr ""
"увімкнути можливість автономного розпізнавання."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr "Типове значення: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1436,43 +1554,43 @@ msgstr ""
"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr "Типове значення: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1483,7 +1601,7 @@ msgstr ""
"що розпізнавання виконується на основі найсвіжіших даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1497,18 +1615,18 @@ msgstr ""
"надання даних профілів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
"Показати попередження за вказану кількість днів перед завершенням дії пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1519,7 +1637,7 @@ msgstr ""
"попередження."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
@@ -1529,7 +1647,7 @@ msgstr ""
"буде автоматично показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
@@ -1537,36 +1655,39 @@ msgstr ""
"Цей параметр може бути перевизначено встановленням параметра "
"<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Типове значення: 0"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr "pam_trusted_users (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
+#, fuzzy
+#| msgid ""
+#| "Specifies the comma-separated list of UID values or user names that are "
+#| "allowed to access the InfoPipe responder. User names are resolved to UIDs "
+#| "at startup."
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
-"Визначає список значень UID або імен користувачів, відокремлених комами. \n"
-"Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID "
-"за \n"
-"іменами користувачів визначатимуться під час запуску."
+"Визначає список значень UID або імен користувачів, відокремлених комами. "
+"Користувачам з цього списку буде дозволено доступ до відповідача InfoPipe. "
+"UID за іменами користувачів визначатимуться під час запуску."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+#, fuzzy
+#| msgid "Default: all (All users are allowed to access the PAM responder)"
+msgid "Default: All users are considered trusted by default"
msgstr ""
"Типове значення: all (Доступ до відповідача PAM отримують усі користувачі)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
@@ -1575,12 +1696,12 @@ msgstr ""
"відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr "pam_public_domains (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
@@ -1589,12 +1710,12 @@ msgstr ""
"отримувати навіть ненадійні користувачі."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr "Визначено два спеціальних значення параметра pam_public_domains:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
@@ -1602,7 +1723,7 @@ msgstr ""
"PAM.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
@@ -1610,52 +1731,131 @@ msgstr ""
"none (Ненадійним користувачам заборонено доступ до усіх доменів PAM у "
"відповідачі.)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr "Типове значення: none"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr "pam_account_expired_message (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
-"Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк дії "
-"облікового запису вичерпано, буде виведено типове повідомлення про заборону "
-"доступу («Permission denied»). Це повідомлення буде змінено на вміст "
-"змінної, якщо її значення буде встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
-#, no-wrap
+#: sssd.conf.5.xml:1064
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
msgid ""
+"pam_account_expired_message = Account expired, please contact help desk.\n"
+" "
+msgstr ""
"pam_account_expired_message = Account expired, please call help desk.\n"
" "
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1073
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "pam_account_locked_message (string)"
+msgstr "pam_account_expired_message (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, fuzzy, no-wrap
+#| msgid ""
+#| "pam_account_expired_message = Account expired, please call help desk.\n"
+#| " "
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
msgstr ""
"pam_account_expired_message = Account expired, please call help desk.\n"
" "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1092
+#, fuzzy
+#| msgid "enumerate (bool)"
+msgid "pam_cert_auth (bool)"
+msgstr "enumerate (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr "Типове значення: False"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+#, fuzzy
+#| msgid "krb5_confd_path (string)"
+msgid "pam_cert_db_path (string)"
+msgstr "krb5_confd_path (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
#, fuzzy
#| msgid "pam_id_timeout (integer)"
msgid "p11_child_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr "Параметри налаштування SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1673,12 +1873,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr "sudo_timed (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1687,22 +1887,22 @@ msgstr ""
"призначені для визначення часових обмежень для записів sudoers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr "Параметри налаштування AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1713,22 +1913,22 @@ msgstr ""
"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr "Параметри налаштувань SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr "Цими параметрами можна скористатися для налаштування служби SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
@@ -1736,12 +1936,12 @@ msgstr ""
"Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
@@ -1750,38 +1950,38 @@ msgstr ""
"файлі known_hosts після надсилання запиту щодо ключів вузла."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr "Типове значення: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
#, fuzzy
#| msgid "mail_dir (string)"
msgid "ca_db (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
#, fuzzy
#| msgid "Default: /etc/krb5.keytab"
msgid "Default: /etc/pki/nssdb"
msgstr "Типове значення: /etc/krb5.keytab"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr "Параметри налаштування відповідача PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1800,7 +2000,7 @@ msgstr ""
"декодовано і визначено, виконуються деякі з таких дій:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1818,7 +2018,7 @@ msgstr ""
"параметра default_shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
@@ -1827,18 +2027,18 @@ msgstr ""
"додано до цих груп."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
"Цими параметрами можна скористатися для налаштовування відповідача PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr "allowed_uids (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1849,14 +2049,14 @@ msgstr ""
"іменами користувачів визначатимуться під час запуску."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
"Типове значення: 0 (доступ до відповідача PAC має лише адміністративний "
"користувач (root))"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1869,18 +2069,32 @@ msgstr ""
"бути типовим варіантом, вам слід додати до списку UID з правами доступу "
"запис 0."
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+#, fuzzy
+#| msgid "pam_id_timeout (integer)"
+msgid "pac_lifetime (integer)"
+msgstr "pam_id_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1889,7 +2103,7 @@ msgstr ""
"відповідає цим обмеженням, його буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1902,7 +2116,7 @@ msgstr ""
"основної групи і належать діапазону, буде виведено у звичайному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
@@ -1911,17 +2125,17 @@ msgstr ""
"лише повернення записів за назвою або ідентифікатором."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1930,22 +2144,22 @@ msgstr ""
"значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1964,7 +2178,7 @@ msgstr ""
"повторне визначення параметрів участі також іноді є складним завданням."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1974,7 +2188,7 @@ msgstr ""
"завершено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1988,7 +2202,7 @@ msgstr ""
"відповідного використаного засобу обробки ідентифікаторів (id_provider)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
@@ -1997,32 +2211,32 @@ msgstr ""
"об’ємних середовищах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr "subdomain_enumerate (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr "all"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr "Усі виявлені надійні домени буде пронумеровано"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr "none"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr "Нумерація виявлених надійних доменів не виконуватиметься"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2035,12 +2249,12 @@ msgstr ""
"доменів, для яких буде увімкнено нумерацію."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -2049,7 +2263,7 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2066,17 +2280,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr "Типове значення: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -2085,19 +2299,19 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr "Типове значення: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -2106,12 +2320,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -2120,12 +2334,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -2134,12 +2348,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
@@ -2148,12 +2362,12 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
@@ -2162,12 +2376,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr "entry_cache_ssh_host_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
@@ -2177,12 +2391,12 @@ msgstr ""
"вузла у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr "refresh_expired_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
@@ -2192,7 +2406,7 @@ msgstr ""
"вичерпано або майже вичерпано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
@@ -2200,42 +2414,42 @@ msgstr ""
"груп та мережевих груп у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
"Варто визначити для цього параметра значення 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr "Типове значення: 0 (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
"кеші LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
"форматі звичайного тексту"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr "cache_credentials_minimal_first_factor_length (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
#, fuzzy
#| msgid ""
#| "If 2-Factor-Authentication (2FA) is used and credentials should be saved "
@@ -2252,7 +2466,7 @@ msgstr ""
"контрольної суми SHA512 у кеші."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
@@ -2262,17 +2476,17 @@ msgstr ""
"мішенню атак із перебиранням паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr "Типове значення: 8"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2285,17 +2499,17 @@ msgstr ""
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2308,17 +2522,17 @@ msgstr ""
"даних розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
@@ -2326,17 +2540,17 @@ msgstr ""
"Серед підтримуваних засобів такі:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "«proxy»: підтримка застарілого модуля надання даних NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: вбудований засіб SSSD для локальних користувачів"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2347,8 +2561,8 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2361,8 +2575,8 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2374,12 +2588,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
@@ -2389,7 +2603,7 @@ msgstr ""
"NSS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2402,7 +2616,7 @@ msgstr ""
"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2413,22 +2627,22 @@ msgstr ""
"груп, якщо задано неповну назву, буде виконано пошук у всіх доменах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr "Типове значення: FALSE (TRUE, якщо використано default_domain_suffix)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr "Не повертати записи учасників груп для пошуків груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2447,7 +2661,7 @@ msgstr ""
"$groupname</quote> поверне запитану групу так, наче вона була порожня."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2458,12 +2672,12 @@ msgstr ""
"учасників."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -2472,7 +2686,7 @@ msgstr ""
"служб розпізнавання:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2484,7 +2698,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2496,18 +2710,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -2516,12 +2730,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2532,7 +2746,7 @@ msgstr ""
"Вбудованими програмами є:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
@@ -2541,12 +2755,12 @@ msgstr ""
"доступу для локального домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2559,17 +2773,43 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+#, fuzzy
+#| msgid ""
+#| "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
+#| "citerefentry> for more information on configuring Kerberos."
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+"<quote>krb5</quote> — вбудоване розпізнавання Kerberos. Докладніші відомості "
+"щодо налаштовування Kerberos викладено у довіднику з <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum></manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+#, fuzzy
+#| msgid ""
+#| "<quote>proxy</quote> for relaying password changes to some other PAM "
+#| "target."
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -2578,7 +2818,7 @@ msgstr ""
"підтримку таких систем зміни паролів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2590,7 +2830,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2602,18 +2842,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -2622,19 +2862,19 @@ msgstr ""
"цього параметра і якщо система здатна обробляти запити щодо паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr "sudo_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
"SUDO:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2646,7 +2886,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
@@ -2655,7 +2895,7 @@ msgstr ""
"параметрами IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
@@ -2664,20 +2904,20 @@ msgstr ""
"параметрами AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> явним чином вимикає SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
"його встановлено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2696,12 +2936,12 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr "selinux_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2712,7 +2952,7 @@ msgstr ""
"доступу. Передбачено підтримку таких засобів надання даних SELinux:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2724,14 +2964,14 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
"SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
@@ -2740,12 +2980,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо завантаження SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
@@ -2755,7 +2995,7 @@ msgstr ""
"підтримку таких засобів надання даних піддоменів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2767,7 +3007,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2780,17 +3020,17 @@ msgstr ""
"налаштовування засобу надання даних AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr "autofs_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
@@ -2798,7 +3038,7 @@ msgstr ""
"autofs:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2810,7 +3050,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2822,17 +3062,34 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load maps stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. "
+"Докладніші відомості щодо налаштовування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> вимикає autofs повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr "hostid_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
@@ -2841,7 +3098,7 @@ msgstr ""
"вузла. Серед підтримуваних засобів надання hostid:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2853,12 +3110,12 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> вимикає hostid повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2872,7 +3129,7 @@ msgstr ""
"IPA та доменів Active Directory, простій назві (NetBIOS) домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2885,22 +3142,22 @@ msgstr ""
"різні стилі запису імен користувачів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr "користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr "користувач@назва.домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr "домен\\користувач"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
@@ -2909,7 +3166,7 @@ msgstr ""
"того, щоб полегшити інтеграцію користувачів з доменів Windows."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2920,7 +3177,7 @@ msgstr ""
"домену — все після цього символу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2932,7 +3189,7 @@ msgstr ""
"платформах з версією libpcre 7."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -2942,17 +3199,17 @@ msgstr ""
"підшаблонів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -2961,48 +3218,48 @@ msgstr ""
"під час виконання пошуків у DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
"спробувати формат IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
"спробувати формат IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -3013,18 +3270,18 @@ msgstr ""
"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr "Типове значення: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -3033,54 +3290,54 @@ msgstr ""
"частину запиту визначення служб DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr "override_gid (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr "Замірити значення основного GID на вказане."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr "case_sensitive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr "True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
"Враховується регістр. Це значення є некоректним для засобу надання даних AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr "False"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr "Без врахування регістру."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr "Preserving"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -3092,7 +3349,7 @@ msgstr ""
"буде переведено у нижній регістр."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -3103,47 +3360,93 @@ msgstr ""
"значення параметра: <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr "Типове значення: True (False для засобу надання даних AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
-msgstr "proxy_fast_alias (булеве значення)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
+msgstr "subdomain_inherit (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
msgstr ""
-"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
-"переадресації виконується вторинний пошук за ідентифікатором з метою "
-"визначення «канонічної» форми назви, якщо результат знайдено за "
-"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
-"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
-"у кеші, щоб пришвидшити надання результатів."
+"Визначає список параметрів налаштування, які слід успадковувати для "
+"піддомену. Будь ласка, зауважте, що успадковуватимуться лише вказані "
+"параметри. У поточній версії передбачено можливість успадковування таких "
+"параметрів:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr "ignore_group_members"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr "ldap_purge_cache_timeout"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr "ldap_use_tokengroups"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr "ldap_user_principal"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+#, fuzzy
+#| msgid "This option is not available in IPA provider."
+msgid "Note: This option only works with the IPA and AD provider."
+msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr "%F"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr "спрощена (NetBIOS) назва піддомену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3158,7 +3461,7 @@ msgstr ""
"emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
@@ -3166,17 +3469,17 @@ msgstr ""
"emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Типове значення: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr "realmd_tags (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
@@ -3184,14 +3487,14 @@ msgstr ""
"домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
#, fuzzy
#| msgid "memcache_timeout (int)"
msgid "cached_auth_timeout (int)"
msgstr "memcache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3199,12 +3502,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3212,7 +3515,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3223,17 +3526,17 @@ msgstr ""
"quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -3242,12 +3545,12 @@ msgstr ""
"налаштуваннями pam або створити нові і тут додати назву служби."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3257,8 +3560,28 @@ msgstr ""
"NSS шукаються у бібліотеці у форматі _nss_$(назва_бібліотеки)_$(функція), "
"наприклад _nss_files_getpwent."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
+"переадресації виконується вторинний пошук за ідентифікатором з метою "
+"визначення «канонічної» форми назви, якщо результат знайдено за "
+"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
+"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
+"у кеші, щоб пришвидшити надання результатів."
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -3267,12 +3590,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr "Розділ локального домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3283,29 +3606,29 @@ msgstr ""
"використовує <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
"інструментів простору користувачів SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -3314,17 +3637,17 @@ msgstr ""
"replaceable> і використовують отриману адресу як адресу домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -3333,17 +3656,17 @@ msgstr ""
"Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -3352,12 +3675,12 @@ msgstr ""
"користувачів. Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3368,17 +3691,17 @@ msgstr ""
"до щойно створеного домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr "Типове значення: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3391,17 +3714,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3412,17 +3735,17 @@ msgstr ""
"каталог не вказано, буде використано типове значення."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3433,19 +3756,19 @@ msgstr ""
"вилучається. Код виконання, повернутий програмою не обробляється."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3499,7 +3822,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3563,7 +3886,7 @@ msgstr ""
"більше про використання LDAP, як засобу керування доступом."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ"
@@ -3683,8 +4006,8 @@ msgstr ""
"специфікації http://www.ietf.org/rfc/rfc2254.txt"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr "Приклади:"
@@ -4008,7 +4331,7 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -4017,7 +4340,7 @@ msgstr ""
"об’єкта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
@@ -4484,8 +4807,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "Атрибут LDAP, що відповідає повному імені користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr "Типове значення: cn"
@@ -4717,11 +5040,34 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
+#, fuzzy
+#| msgid "ldap_group_member (string)"
+msgid "ldap_group_external_member (string)"
+msgstr "ldap_group_member (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:948
+msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+#, fuzzy
+#| msgid "Default: groupType in the AD provider, othewise not set"
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+"Типове значення: groupType у засобі надання даних AD, у інших засобах не "
+"встановлено"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:948
+#: sssd-ldap.5.xml:964
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4733,7 +5079,7 @@ msgstr ""
"параметра буде проігноровано, якщо використано схему RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4749,12 +5095,19 @@ msgstr ""
"початкового пошуку, якщо запити щодо пошуку надходять повторно."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "If ldap_group_nesting_level is set to 0 then no nested groups are "
+#| "processed at all. However, when connected to Active-Directory Server 2008 "
+#| "and later it is furthermore required to disable usage of Token-Groups by "
+#| "setting ldap_use_tokengroups to false."
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
"Якщо значенням ldap_group_nesting_level є 0, вкладені групи взагалі не "
"оброблятимуться. Втім, якщо з’єднання встановлено з Active-Directory Server "
@@ -4763,17 +5116,17 @@ msgstr ""
"ldap_use_tokengroups значення false."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr "Типове значення: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4785,7 +5138,7 @@ msgstr ""
"високим рівнем вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
@@ -4794,7 +5147,7 @@ msgstr ""
"можна буде спостерігати лише у дуже складних випадках вкладеності груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4805,7 +5158,7 @@ msgstr ""
"можливості. Отже, насправді значення «True» означає «визначити автоматично»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4817,19 +5170,13 @@ msgstr ""
"можна дізнатися з <ulink url=\"http://msdn.microsoft.com/en-us/library/"
"windows/desktop/aa746475%28v=vs.85%29.aspx\">документації MSDN(TM)</ulink>."
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr "Типове значення: False"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4842,7 +5189,7 @@ msgstr ""
"вкладеності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
@@ -4852,115 +5199,115 @@ msgstr ""
"Directory Server 2008 та новіших версій."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr "Типове значення: True для AD і IPA, інакше False."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr "Клас об’єктів запису служби у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr "Типове значення: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -4968,48 +5315,48 @@ msgstr ""
"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr "Типове значення: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr "Типове значення: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -5020,7 +5367,7 @@ msgstr ""
"автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -5031,12 +5378,12 @@ msgstr ""
"окремих типів пошуків."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -5047,12 +5394,12 @@ msgstr ""
"кешованих даних (і переходом до автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -5069,12 +5416,12 @@ msgstr ""
"citerefentry> повертається до стану бездіяльності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -5088,12 +5435,12 @@ msgstr ""
"розширеної операції зі зміни пароля та дії StartTLS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -5107,17 +5454,17 @@ msgstr ""
"дії TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr "Типове значення: 900 (15 хвилин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -5127,17 +5474,17 @@ msgstr ""
"один запит."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr "Типове значення: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -5148,7 +5495,7 @@ msgstr ""
"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -5158,7 +5505,7 @@ msgstr ""
"підтримкою не можна скористатися."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -5169,17 +5516,17 @@ msgstr ""
"це може призвести до відмови у виконанні запитів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr "ldap_disable_range_retrieval (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr "Вимкнути отримання діапазону Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -5195,12 +5542,12 @@ msgstr ""
"буде представлено як такі, у яких немає учасників."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5211,19 +5558,19 @@ msgstr ""
"параметра визначається OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
"Типове значення: типове для системи значення (зазвичай, визначається у ldap."
"conf)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5235,7 +5582,7 @@ msgstr ""
"виконуватиметься окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -5243,7 +5590,7 @@ msgstr ""
"(розіменуванням), якщо вкажете значення 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5256,7 +5603,7 @@ msgstr ""
"OpenLDAP та Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5267,12 +5614,12 @@ msgstr ""
"незалежно від використання цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -5282,7 +5629,7 @@ msgstr ""
"таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -5291,7 +5638,7 @@ msgstr ""
"жодних сертифікатів сервера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5303,7 +5650,7 @@ msgstr ""
"режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5314,7 +5661,7 @@ msgstr ""
"надано помилковий сертифікат, негайно перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5325,22 +5672,22 @@ msgstr ""
"перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr "Типове значення: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -5349,7 +5696,7 @@ msgstr ""
"розпізнаються <command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -5358,12 +5705,12 @@ msgstr ""
"у <filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5376,32 +5723,32 @@ msgstr ""
"<command>cacertdir_rehash</command>, якщо ця програма є доступною."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr "Визначає файл, у якому міститься ключ клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5413,12 +5760,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -5427,12 +5774,12 @@ msgstr ""
"class=\"protocol\">tls</systemitem> для захисту каналу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5444,19 +5791,19 @@ msgstr ""
"ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
"У поточній версії у цій можливості передбачено підтримку лише встановлення "
"відповідності objectSID у ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr "ldap_min_id, ldap_max_id (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5476,18 +5823,18 @@ msgstr ""
"ідентифікаторів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
"Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -5496,12 +5843,12 @@ msgstr ""
"перевірено і підтримується лише механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5516,17 +5863,17 @@ msgstr ""
"myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5538,17 +5885,17 @@ msgstr ""
"проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr "Типове значення: значення krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -5558,34 +5905,34 @@ msgstr ""
"SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr "Типове значення: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5596,27 +5943,27 @@ msgstr ""
"механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5635,7 +5982,7 @@ msgstr ""
"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5647,7 +5994,7 @@ msgstr ""
"вдасться знайти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5658,29 +6005,29 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -5690,12 +6037,12 @@ msgstr ""
"версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr "krb5_use_kdcinfo (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5710,7 +6057,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5721,12 +6068,12 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -5735,7 +6082,7 @@ msgstr ""
"використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -5744,7 +6091,7 @@ msgstr ""
"разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5755,7 +6102,7 @@ msgstr ""
"manvolnum></citerefentry> для визначення того, чи чинним є пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5766,7 +6113,7 @@ msgstr ""
"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
@@ -5776,18 +6123,18 @@ msgstr ""
"встановленими за допомогою цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -5796,7 +6143,7 @@ msgstr ""
"з версією OpenLDAP 2.4.13 або новішою версією."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5810,28 +6157,28 @@ msgstr ""
"«false» може значно пришвидшити роботу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Визначає назву служби, яку буде використано у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr "Типове значення: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -5840,17 +6187,17 @@ msgstr ""
"уможливлює зміну паролів, у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
@@ -5859,12 +6206,12 @@ msgstr ""
"щодо кількості днів з часу виконання дії зі зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5893,12 +6240,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr "Приклад:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5910,7 +6257,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
@@ -5919,7 +6266,7 @@ msgstr ""
"employeeType встановлено у значення «admin»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5933,17 +6280,17 @@ msgstr ""
"таких прав не було надано, у автономному режимі їх також не буде надано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -5952,7 +6299,7 @@ msgstr ""
"керування доступом на боці клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5963,12 +6310,12 @@ msgstr ""
"з відповідним кодом помилки, навіть якщо вказано правильний пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -5977,7 +6324,7 @@ msgstr ""
"визначити, чи завершено строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5990,7 +6337,7 @@ msgstr ""
"Також буде перевірено, чи не вичерпано строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -6001,7 +6348,7 @@ msgstr ""
"ldap_ns_account_lock."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -6014,7 +6361,7 @@ msgstr ""
"атрибутів, надати доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -6025,24 +6372,24 @@ msgstr ""
"користуватися параметром ldap_account_expire_policy."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
"списку:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6057,7 +6404,7 @@ msgstr ""
"для працездатності цієї можливості слід встановити «access_provider = ldap»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
@@ -6067,7 +6414,7 @@ msgstr ""
"emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -6090,13 +6437,13 @@ msgstr ""
"параметра слід встановити значення «access_provider = ldap»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -6111,7 +6458,7 @@ msgstr ""
"наприклад на ключах SSH."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -6126,7 +6473,7 @@ msgstr ""
"негайно змінити пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
@@ -6134,7 +6481,7 @@ msgstr ""
"від SSSD не надходитиме."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
@@ -6144,7 +6491,7 @@ msgstr ""
"параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -6153,19 +6500,19 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
"права доступу"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -6174,12 +6521,12 @@ msgstr ""
"використано декілька разів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr "ldap_pwdlockout_dn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -6193,22 +6540,22 @@ msgstr ""
"можна буде перевірити належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -6217,13 +6564,13 @@ msgstr ""
"пошуку. Можливі такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -6233,7 +6580,7 @@ msgstr ""
"пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -6242,7 +6589,7 @@ msgstr ""
"під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -6251,7 +6598,7 @@ msgstr ""
"час пошуку, так і під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -6260,12 +6607,12 @@ msgstr ""
"сценарієм <emphasis>never</emphasis>)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
@@ -6274,7 +6621,7 @@ msgstr ""
"серверів, у яких використовується схема RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -6292,7 +6639,7 @@ msgstr ""
"користувачів за допомогою виклику getpw*() або initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -6304,26 +6651,26 @@ msgstr ""
"групами LDAP."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcart_limit (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -6343,12 +6690,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -6359,52 +6706,52 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr "Клас об’єктів запису правила sudo у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr "Типове значення: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "Атрибут LDAP, що відповідає назві правила sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr "Атрибут LDAP, що відповідає назві команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr "Типове значення: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -6413,17 +6760,17 @@ msgstr ""
"вузла, мережевій групі вузла)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr "Типове значення: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -6432,32 +6779,32 @@ msgstr ""
"або назві мережевої групи користувача)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr "Типове значення: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "Атрибут LDAP, що відповідає параметрам sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr "Типове значення: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -6466,17 +6813,17 @@ msgstr ""
"команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr "Типове значення: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -6485,17 +6832,17 @@ msgstr ""
"виконувати команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr "Типове значення: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -6503,49 +6850,49 @@ msgstr ""
"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr "Типове значення: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr "Типове значення: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr "Типове значення: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
@@ -6555,7 +6902,7 @@ msgstr ""
"набір правил, що зберігаються на сервері."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
@@ -6564,17 +6911,17 @@ msgstr ""
"<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr "Типове значення: 21600 (6 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6585,7 +6932,7 @@ msgstr ""
"правил, USN яких перевищує найбільше значення USN у кешованих правилах."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
@@ -6594,12 +6941,12 @@ msgstr ""
"дані атрибута modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
@@ -6609,12 +6956,12 @@ msgstr ""
"назв вузлів)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
@@ -6623,7 +6970,7 @@ msgstr ""
"фільтрування списку правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
@@ -6632,8 +6979,8 @@ msgstr ""
"назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
@@ -6642,17 +6989,17 @@ msgstr ""
"<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr "Типове значення: не вказано"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
@@ -6661,7 +7008,7 @@ msgstr ""
"правил."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
@@ -6670,12 +7017,12 @@ msgstr ""
"адресу у автоматичному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "ldap_sudo_include_netgroups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
@@ -6684,12 +7031,12 @@ msgstr ""
"мережеву групу (netgroup) у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
@@ -6698,7 +7045,7 @@ msgstr ""
"заміни у атрибуті sudoHost."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6711,71 +7058,71 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr "ПАРАМЕТРИ AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr "ldap_autofs_map_master_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr "Назва основної карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr "Типове значення: auto.master"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr "Назва запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
#, fuzzy
#| msgid ""
#| "The key of an automount entry in LDAP. The entry usually corresponds to a "
@@ -6788,19 +7135,19 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: automountMap"
msgid "Default: automount"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -6809,24 +7156,24 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
#, fuzzy
#| msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr "Типове значення: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6839,32 +7186,32 @@ msgstr ""
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr "<note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -6877,22 +7224,22 @@ msgstr ""
"показуються неправильно."
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr "</note>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6905,7 +7252,7 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"1\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6916,7 +7263,7 @@ msgstr ""
"<replaceable>[domains]</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6936,19 +7283,19 @@ msgstr ""
"cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
@@ -6957,7 +7304,7 @@ msgstr ""
"чином і використано ldap_access_order=lockout."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6983,13 +7330,13 @@ msgstr ""
"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -7022,6 +7369,17 @@ msgstr "модуль PAM для SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
#: pam_sss.8.xml:24
+#, fuzzy
+#| msgid ""
+#| "<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> "
+#| "</arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</"
+#| "replaceable> </arg> <arg choice='opt'> <replaceable>domains=X</"
+#| "replaceable> </arg>"
msgid ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7030,7 +7388,8 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
@@ -7042,7 +7401,7 @@ msgstr ""
"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -7053,22 +7412,22 @@ msgstr ""
"<command>syslog(3)</command> до запису LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr "Не показувати у журналі повідомлень для невідомих користувачів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
@@ -7077,12 +7436,12 @@ msgstr ""
"буде збережено у стосі паролів для використання іншими модулями PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -7094,12 +7453,12 @@ msgstr ""
"непридатним, доступ користувачеві буде заборонено."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
@@ -7109,12 +7468,12 @@ msgstr ""
"стосу модулів."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
@@ -7123,7 +7482,7 @@ msgstr ""
"раз розпізнавання зазнає невдачі. Типовим значенням є 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -7135,12 +7494,12 @@ msgstr ""
"<option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
@@ -7149,12 +7508,12 @@ msgstr ""
"PAM_IGNORE. Це призводить до ігнорування цього модуля оболонкою PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
@@ -7164,12 +7523,12 @@ msgstr ""
"PAM ігнорує цей модуль."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr "<option>domains</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -7180,7 +7539,7 @@ msgstr ""
"доменів SSSD, відокремлених комами, так, як їх вказано у файлі sssd.conf."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -7194,13 +7553,46 @@ msgstr ""
"manvolnum> </citerefentry>, щоб дізнатися більше про ці два параметри "
"відповідача PAM."
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+#, fuzzy
+#| msgid "<option>domains</option>"
+msgid "<option>allow_missing_name</option>"
+msgstr "<option>domains</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr "ПЕРЕДБАЧЕНІ ТИПИ МОДУЛІВ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
@@ -7209,12 +7601,12 @@ msgstr ""
"option>, <option>password</option> і <option>session</option>)."
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr "ФАЙЛИ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -7226,7 +7618,7 @@ msgstr ""
"повідомленні, наприклад, можуть міститися настанови щодо скидання пароля."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -7246,7 +7638,7 @@ msgstr ""
"іншим користувачам може бути надано лише право читання файлів."
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -7457,7 +7849,7 @@ msgstr ""
"обробляються."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -7665,18 +8057,25 @@ msgstr ""
"цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr "dyndns_update (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ipa.5.xml:119
+#, fuzzy
+#| msgid ""
+#| "Optional. This option tells SSSD to automatically update the DNS server "
+#| "built into FreeIPA v2 with the IP address of this client. The update is "
+#| "secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
+#| "for the updates, if it is not otherwise specified by using the "
+#| "<quote>dyndns_iface</quote> option."
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
"Необов’язковий. За допомогою цього параметра можна наказати SSSD автоматично "
"оновити на сервері DNS, вбудованому до FreeIPA v2, IP-адресу клієнта. Захист "
@@ -7685,7 +8084,7 @@ msgstr ""
"допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -7706,12 +8105,12 @@ msgstr ""
"назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr "dyndns_ttl (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7738,12 +8137,12 @@ msgid "Default: 1200 (seconds)"
msgstr "Типове значення: 1200 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
#, fuzzy
#| msgid ""
#| "Optional. Applicable only when dyndns_update is true. Choose the "
@@ -7779,7 +8178,7 @@ msgid ""
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -7789,7 +8188,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr "ipa_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr "Вмикає сайти DNS — визначення служб на основі адрес."
@@ -7814,12 +8213,12 @@ msgstr ""
"вважатимуться резервними серверами."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr "dyndns_refresh_interval (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7831,12 +8230,12 @@ msgstr ""
"є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr "dyndns_update_ptr (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -7860,12 +8259,12 @@ msgid "Default: False (disabled)"
msgstr "Типове значення: False (вимкнено)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr "dyndns_force_tcp (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
@@ -7874,40 +8273,40 @@ msgstr ""
"даними з сервером DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
#, fuzzy
#| msgid "dyndns_iface (string)"
msgid "dyndns_server (string)"
msgstr "dyndns_iface (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
#, fuzzy
#| msgid "Default: False (let nsupdate choose the protocol)"
msgid "Default: None (let nsupdate choose the server)"
@@ -8034,7 +8433,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -8129,12 +8528,12 @@ msgstr ""
"налаштуваннях."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr "krb5_confd_path (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
@@ -8143,7 +8542,7 @@ msgstr ""
"налаштувань Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
@@ -8152,7 +8551,7 @@ msgstr ""
"значення «none»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -8176,7 +8575,7 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
@@ -8526,17 +8925,23 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
+#, fuzzy
+#| msgid ""
+#| "The AD provider is able to provide identity information and "
+#| "authentication for entities from trusted domains as well. Currently only "
+#| "trusted domains in the same forest are recognized."
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
"Модуль надання даних AD може надавати дані щодо ідентифікації та "
"розпізнавання і для записів з надійних доменів. У поточній версії "
"розпізнаються лише надійні домени з одного лісу."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -8552,11 +8957,16 @@ msgstr ""
"описаними нижче."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
+#, fuzzy
+#| msgid ""
+#| "However, it is neither necessary nor recommended to set these options. "
+#| "The AD provider can also be used as an access, chpass and sudo provider. "
+#| "No configuration of the access provider is required on the client side."
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
"Потреби у встановленні або використанні цих параметрів виникнути не повинно. "
"Інструментом надання даних AD також можна скористатися для перевірки прав "
@@ -8564,7 +8974,7 @@ msgstr ""
"доступом на боці клієнта немає потреби."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -8574,7 +8984,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -8596,7 +9006,7 @@ msgstr ""
"загальному каталозі (Global Catalog)."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -8607,12 +9017,12 @@ msgstr ""
"для забезпечення сумісності з реалізацією Active Directory у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr "ad_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
@@ -8621,7 +9031,7 @@ msgstr ""
"буде використано назву домену з налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
@@ -8630,7 +9040,7 @@ msgstr ""
"малими літерами повної версії назви домену Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
@@ -8639,18 +9049,23 @@ msgstr ""
"автоматично визначається засобами SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
+#, fuzzy
+#| msgid ""
+#| "The comma-separated list of hostnames of the AD servers to which SSSD "
+#| "should connect in order of preference. For more information on failover "
+#| "and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+#| "optional if autodiscovery is enabled. For more information on service "
+#| "discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
"Впорядкований за пріоритетом список назв вузлів, відокремлених комами, "
"серверів AD, з якими має встановити з’єднання SSSD. Докладніші відомості "
@@ -8659,13 +9074,27 @@ msgstr ""
"відомості щодо автоматичного виявлення служб наведено у розділі «ПОШУК "
"СЛУЖБ»."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr "ad_hostname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -8676,7 +9105,7 @@ msgstr ""
"розпізнавання цього вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
@@ -8686,12 +9115,12 @@ msgstr ""
"вузла, для якого випущено таблицю ключів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr "ad_enable_dns_sites (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -8709,12 +9138,12 @@ msgstr ""
"сайтів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr "ad_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -8727,7 +9156,7 @@ msgstr ""
"значення «ad», щоб цей параметр почав діяти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -8740,7 +9169,7 @@ msgstr ""
"«FOREST» або ключове слово слід пропустити."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -8753,7 +9182,7 @@ msgstr ""
"вказаного значенням «НАЗВА»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
@@ -8762,7 +9191,7 @@ msgstr ""
"визначення фільтрів у базах для пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -8776,7 +9205,7 @@ msgstr ""
"специфікацією, використовуватиметься лише перший з них."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -8800,17 +9229,17 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr "Типове значення: не встановлено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr "ad_site (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
@@ -8819,12 +9248,12 @@ msgstr ""
"вказано, виконуватиметься спроба автоматичного визначення сайта AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr "ad_enable_gc (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -8838,7 +9267,7 @@ msgstr ""
"SSSD встановлюватиме зв’язок лише з портом LDAP поточного сервера AD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -8853,12 +9282,12 @@ msgstr ""
"групах для різних доменів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr "ad_gpo_access_control (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -8873,7 +9302,7 @@ msgstr ""
"«access_provider» значення «ad»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
@@ -8883,7 +9312,7 @@ msgstr ""
"користувач увійти до системи певного вузла мережі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -8906,12 +9335,12 @@ msgstr ""
"режиму (enforcing)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr "У цього параметра є три підтримуваних значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
@@ -8919,14 +9348,14 @@ msgstr ""
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
"enforcing: правила керування доступом, засновані на GPO, обробляються і "
"використовуються примусово."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -8939,22 +9368,22 @@ msgstr ""
"enforcing."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr "Типове значення: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr "Типове значення: enforcing"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr "ad_gpo_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -8965,12 +9394,12 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr "ad_gpo_map_interactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -8981,7 +9410,7 @@ msgstr ""
"InteractiveLogonRight і DenyInteractiveLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
@@ -8991,7 +9420,7 @@ msgstr ""
"вхід» («Deny log on locally»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -9001,7 +9430,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9020,54 +9449,81 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
"Типове значення: типовий набір назв служб PAM складається з таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr "login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr "su"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr "su-l"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr "gdm-fingerprint"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr "gdm-password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr "gdm-smartcard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr "kdm"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+#, fuzzy
+#| msgid "kdm"
+msgid "xdm"
+msgstr "kdm"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr "ad_gpo_map_remote_interactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -9078,7 +9534,7 @@ msgstr ""
"DenyRemoteInteractiveLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -9090,7 +9546,7 @@ msgstr ""
"служб віддаленої стільниці» («Deny log on through Remote Desktop Services»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -9100,7 +9556,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9119,17 +9575,22 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr "sshd"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr "ad_gpo_map_network (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -9140,7 +9601,7 @@ msgstr ""
"DenyNetworkLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -9152,7 +9613,7 @@ msgstr ""
"мережі» (Deny access to this computer from the network»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -9162,7 +9623,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9181,22 +9642,22 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr "ftp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr "samba"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr "ad_gpo_map_batch (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -9207,7 +9668,7 @@ msgstr ""
"DenyBatchLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
@@ -9217,7 +9678,7 @@ msgstr ""
"job») і «Заборонити вхід як пакетне завдання» («Deny log on as a batch job»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -9227,7 +9688,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9246,17 +9707,17 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr "crond"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr "ad_gpo_map_service (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -9267,7 +9728,7 @@ msgstr ""
"DenyServiceLogonRight."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
@@ -9277,7 +9738,7 @@ msgstr ""
"«Заборонити вхід як службу» («Deny log on as a service»)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -9287,7 +9748,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -9304,12 +9765,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr "ad_gpo_map_permit (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
@@ -9318,7 +9779,7 @@ msgstr ""
"основі GPO, незалежно від будь-яких прав входу GPO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -9328,7 +9789,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -9347,27 +9808,32 @@ msgstr ""
"type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr "sudo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr "sudo-i"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr "systemd-user"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr "ad_gpo_map_deny (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
@@ -9376,7 +9842,7 @@ msgstr ""
"на основі GPO, незалежно від будь-яких прав входу GPO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -9386,12 +9852,12 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr "ad_gpo_default_right (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -9413,52 +9879,96 @@ msgstr ""
"забороняла доступ для непов’язаних назв служб PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr "Передбачені значення для цього параметра:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr "interactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr "remote_interactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr "network"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr "batch"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr "service"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr "permit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr "deny"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr "Типове значення: deny"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 300"
+msgid "Default: 30 days"
+msgstr "Типове значення: 300"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+#, fuzzy
+#| msgid "pam_account_expired_message (string)"
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr "pam_account_expired_message (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+#, fuzzy
+#| msgid "Default: 86400 (24 hours)"
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr "Типове значення: 86400 (24 години)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -9475,12 +9985,12 @@ msgstr ""
"якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr "Типове значення: 3600 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
#, fuzzy
#| msgid "Default: Use the IP address of the AD LDAP connection"
msgid ""
@@ -9489,17 +9999,17 @@ msgid ""
msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP AD"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr "Типове значення: True"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr "krb5_use_enterprise_principal (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
@@ -9509,7 +10019,7 @@ msgstr ""
"реєстраційні дані."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -9520,7 +10030,7 @@ msgstr ""
"У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -9544,7 +10054,7 @@ msgstr ""
"ad_domain = example.com\n"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -9556,7 +10066,7 @@ msgstr ""
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -9568,7 +10078,7 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -9582,6 +10092,14 @@ msgstr ""
"встановлювати усі параметри з’єднання (зокрема адреси LDAP та параметри "
"шифрування) вручну."
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -10184,7 +10702,7 @@ msgstr ""
"Пароль для заплутування буде прочитано зі стандартного джерела вхідних даних."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -10258,17 +10776,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -10276,23 +10799,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
@@ -10300,29 +10826,65 @@ msgstr ""
"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+#, fuzzy
+#| msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+"<option>--setattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10330,29 +10892,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -10360,14 +10922,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-#, fuzzy
-#| msgid "print properties of a group"
-msgid "Override attributes of a group."
-msgstr "показ параметрів групи"
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
@@ -10375,29 +10937,62 @@ msgstr ""
"<option>--delattr</option> <replaceable>ПАРА_АТРИБУТ-ЗНАЧЕННЯ</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>ДОМЕН</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -10405,43 +11000,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "SUDO OPTIONS"
msgid "COMMON OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
#, fuzzy
#| msgid "This option is not available in IPA provider."
msgid "Those options are available with all commands."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
@@ -11871,6 +12466,46 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-g</option>,<option>--group</option> <replaceable>group</"
+#| "replaceable>"
+msgid ""
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
+"replaceable>"
+msgstr ""
+"<option>-g</option>,<option>--group</option> <replaceable>група</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:190
+#, fuzzy
+#| msgid "Invalidate all cached entries except for sudo rules."
+msgid "Invalidate particular sudo rule."
+msgstr "Скасувати чинність усіх кешованих записів, окрім правил sudo."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--no-remove</option>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr "<option>-R</option>,<option>--no-remove</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -11879,7 +12514,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr "Обмежити процедуру скасування визначення лише певним доменом."
@@ -12473,13 +13108,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_ssh_authorizedkeys.1.xml:41
+#, fuzzy
+#| msgid ""
+#| "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#| "manvolnum></citerefentry> can be configured to use "
+#| "<command>sss_ssh_authorizedkeys</command> for public key user "
+#| "authentication if it is compiled with support for either "
+#| "<quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</quote> "
+#| "<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+#| "manvolnum></citerefentry> options."
msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> можна налаштувати на використання "
@@ -12490,7 +13134,7 @@ msgstr ""
"<quote>PubkeyAgent</quote>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -12500,7 +13144,7 @@ msgstr ""
" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -12516,31 +13160,8 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
"\" id=\"0\"/>"
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-"Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> може бути налаштовано на використання ключів за допомогою "
-"такої інструкції <citerefentry> <refentrytitle>sshd</refentrytitle> "
-"<manvolnum>8</manvolnum></citerefentry>: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
@@ -12548,12 +13169,12 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr "СТАН ВИХОДУ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -13080,7 +13701,7 @@ msgstr ""
"меншим або рівним <quote>ldap_idmap_range_min</quote>"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr "Типове значення: 200000"
@@ -13149,17 +13770,23 @@ msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
#: include/ldap_id_mapping.xml:179
+#, fuzzy
+#| msgid ""
+#| "For example, if your most recently-added Active Directory user has "
+#| "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
+#| "<quote>ldap_idmap_range_size</quote> must be at least 1107."
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
"Приклад: якщо найсвіжішим доданим користувачем Active Directory є користувач "
"з objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
"«ldap_idmap_range_size» повинне мати значення, яке є не меншим за 1107."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -13171,12 +13798,12 @@ msgstr ""
"користувачів."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -13187,22 +13814,22 @@ msgstr ""
"ідентифікаторів без використання алгоритму murmurhash описаного вище."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (рядок)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr "Вказати назву типового домену."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (булеве значення)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
@@ -13212,7 +13839,7 @@ msgstr ""
"<quote>idmap_autorid</quote> winbind."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
@@ -13221,7 +13848,7 @@ msgstr ""
"нульового зрізу з поступовим зростанням номерів на кожен додатковий домен."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -13235,13 +13862,36 @@ msgstr ""
"<quote>ldap_idmap_default_domain_sid</quote> з метою гарантування "
"послідовного призначення принаймні одного домену до нульового зрізу."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+#, fuzzy
+#| msgid "ldap_idmap_range_size (integer)"
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr "ldap_idmap_range_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr "Добре відомі SID"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -13255,7 +13905,7 @@ msgstr ""
"немає."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
@@ -13264,37 +13914,37 @@ msgstr ""
"домени. Службами сертифікації для добре відомих (Well-Known) SID є"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr "Фіктивна служба сертифікації (Null Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr "Загальна служба сертифікації (World Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr "Локальна служба сертифікації (Local Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr "Авторська служба сертифікації (Creator Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr "Служба сертифікації NT (NT Authority)"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr "Вбудована (Built-in)"
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
@@ -13303,7 +13953,7 @@ msgstr ""
"доменів для повернення повних назв добре відомих (Well-Known) SID."
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
@@ -13834,6 +14484,27 @@ msgid "Default: /home"
msgstr "Типове значення: /home"
#~ msgid ""
+#~ "Specifies the comma-separated list of UID values or user names that are "
+#~ "allowed to access the PAM responder. User names are resolved to UIDs at "
+#~ "startup."
+#~ msgstr ""
+#~ "Визначає список значень UID або імен користувачів, відокремлених "
+#~ "комами. \n"
+#~ "Користувачам з цього списку буде дозволено доступ до відповідача PAM. UID "
+#~ "за \n"
+#~ "іменами користувачів визначатимуться під час запуску."
+
+#~ msgid ""
+#~ "If user is authenticating using SSH keys and account is expired then by "
+#~ "default 'Permission denied' is output. This output will be changed to "
+#~ "content of this variable if it is set."
+#~ msgstr ""
+#~ "Якщо користувач проходить розпізнавання за допомогою ключів SSH, а строк "
+#~ "дії облікового запису вичерпано, буде виведено типове повідомлення про "
+#~ "заборону доступу («Permission denied»). Це повідомлення буде змінено на "
+#~ "вміст змінної, якщо її значення буде встановлено."
+
+#~ msgid ""
#~ "Please note that the default values correspond to the default schema "
#~ "which is RFC2307."
#~ msgstr ""
@@ -13847,3 +14518,21 @@ msgstr "Типове значення: /home"
#~ msgstr ""
#~ "ЗАУВАЖЕННЯ: для цього параметра у поточній версії передбачено підтримку "
#~ "лише одного інтерфейсу."
+
+#~ msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+#~ msgstr "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
+
+#~ msgid ""
+#~ "If <quote>PubkeyAgent</quote> is supported, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> can be configured to use it by using the "
+#~ "following directive for <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry> configuration: "
+#~ "<placeholder type=\"programlisting\" id=\"0\"/>"
+#~ msgstr ""
+#~ "Якщо передбачено підтримку <quote>PubkeyAgent</quote>, "
+#~ "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
+#~ "manvolnum></citerefentry> може бути налаштовано на використання ключів за "
+#~ "допомогою такої інструкції <citerefentry> <refentrytitle>sshd</"
+#~ "refentrytitle> <manvolnum>8</manvolnum></citerefentry>: <placeholder type="
+#~ "\"programlisting\" id=\"0\"/>"
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index debfd4624..1d7f9d244 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2015-09-30 11:58+0200\n"
+"POT-Creation-Date: 2016-06-20 21:22+0200\n"
"PO-Revision-Date: 2014-06-04 02:04-0400\n"
"Last-Translator: jhrozek <jhrozek@redhat.com>\n"
"Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
@@ -18,7 +18,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=1; plural=0;\n"
-"X-Generator: Zanata 3.7.2\n"
+"X-Generator: Zanata 3.8.4\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -61,7 +61,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56
#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
#: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30
#: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21
@@ -80,11 +80,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "选项"
@@ -221,113 +221,128 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#: sssd.conf.5.xml:73
-msgid "debug_timestamps (bool)"
+msgid "debug (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:76
msgid ""
+"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
+"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
+"are specified, the value of <replaceable>debug_level</replaceable> will be "
+"used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:86
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:89
+msgid ""
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081
-#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806
-#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446
-#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264
-#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499
+#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207
+#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464
+#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272
+#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:86
+#: sssd.conf.5.xml:99
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:89
+#: sssd.conf.5.xml:102
msgid ""
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540
-#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456
+#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171
+#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:103
+#: sssd.conf.5.xml:116
msgid "Options usable in SERVICE and DOMAIN sections"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:120
msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:123
msgid ""
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410
+#: include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:125
+#: sssd.conf.5.xml:138
msgid "SPECIAL SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:128
+#: sssd.conf.5.xml:141
msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472
msgid "Section parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:152
msgid "config_file_version (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:142
+#: sssd.conf.5.xml:155
msgid ""
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"version 2."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:148
+#: sssd.conf.5.xml:161
msgid "services"
msgstr "服务"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:151
+#: sssd.conf.5.xml:164
msgid ""
"Comma separated list of services that are started when sssd itself starts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:155
+#: sssd.conf.5.xml:168
msgid ""
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
@@ -336,29 +351,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:165 sssd.conf.5.xml:390
+#: sssd.conf.5.xml:178 sssd.conf.5.xml:468
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:168 sssd.conf.5.xml:393
+#: sssd.conf.5.xml:181 sssd.conf.5.xml:471
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173 sssd.conf.5.xml:398
+#: sssd.conf.5.xml:186 sssd.conf.5.xml:476
msgid "Default: 3"
msgstr "默认: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:178
+#: sssd.conf.5.xml:191
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:181
+#: sssd.conf.5.xml:194
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -368,19 +383,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947
+#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:196
+#: sssd.conf.5.xml:209
msgid ""
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:201
+#: sssd.conf.5.xml:214
msgid ""
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN "
@@ -388,12 +403,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001
+#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -401,58 +416,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012
+#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013
+#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016
+#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019
+#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025
+#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028
+#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:250
+#: sssd.conf.5.xml:263
msgid ""
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:256
+#: sssd.conf.5.xml:269
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:259
+#: sssd.conf.5.xml:272
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -461,7 +476,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:267
+#: sssd.conf.5.xml:280
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -469,69 +484,69 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:286
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277
+#: sssd.conf.5.xml:290
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:284
+#: sssd.conf.5.xml:297
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287
+#: sssd.conf.5.xml:300
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291
+#: sssd.conf.5.xml:304
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297
+#: sssd.conf.5.xml:310
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:304
+#: sssd.conf.5.xml:317
msgid "user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:307
+#: sssd.conf.5.xml:320
msgid ""
"The user to drop the privileges to where appropriate to avoid running as the "
"root user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:312
+#: sssd.conf.5.xml:325
msgid "Default: not set, process will run as root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:317
+#: sssd.conf.5.xml:330
msgid "default_domain_suffix (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:333
msgid ""
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
@@ -541,7 +556,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:330
+#: sssd.conf.5.xml:343
msgid ""
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name, e.g. user@domain.name, to log in. "
@@ -551,20 +566,20 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576
-#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
-#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214
+#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614
+#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550
+#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:357
msgid "override_space (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:347
+#: sssd.conf.5.xml:360
msgid ""
"This parameter will replace spaces (space bar) with the given character for "
"user and group names. e.g. (_). User name &quot;john doe&quot; will be "
@@ -574,7 +589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:356
+#: sssd.conf.5.xml:369
msgid ""
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
@@ -583,12 +598,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:364
+#: sssd.conf.5.xml:377
msgid "Default: not set (spaces will not be replaced)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:382
+msgid "certificate_verification (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:390
+msgid "no_ocsp"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:392
+msgid ""
+"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
+"needed if the OCSP servers defined in the certificate are not reachable from "
+"the client."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:400
+msgid "no_verification"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"Disables verification completely. This option should only be used for "
+"testing."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:408
+msgid "ocsp_default_responder=URL"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:410
+msgid ""
+"Sets the OCSP default responder which should be used instead of the one "
+"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
+"default responder e.g. http://example.com:80/ocsp."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:416
+msgid ""
+"This option must be used together with ocsp_default_responder_signing_cert."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:424
+msgid "ocsp_default_responder_signing_cert=NAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:426
+msgid ""
+"The nickname of the cert to trust (expected) to sign the OCSP responses. "
+"The certificate with the given nickname must be availble in the systems NSS "
+"database."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:431
+msgid "This option must be used together with ocsp_default_responder."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:385
+msgid ""
+"With this parameter the certificate verification can be tuned with a comma "
+"separated list of options. Supported options are: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:438
+msgid "Unknown options are reported but ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:441
+msgid "Default: not set, i.e. do not restrict certificate vertification"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:130
+#: sssd.conf.5.xml:143
msgid ""
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
@@ -599,12 +699,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:375
+#: sssd.conf.5.xml:453
msgid "SERVICES SECTIONS"
msgstr "服务部分"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:377
+#: sssd.conf.5.xml:455
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -613,22 +713,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:384
+#: sssd.conf.5.xml:462
msgid "General service configuration options"
msgstr "基本服务配置选项"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:464
msgid "These options can be used to configure any service."
msgstr "这些选项可被用于配置任何服务。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:403
+#: sssd.conf.5.xml:481
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:406
+#: sssd.conf.5.xml:484
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -638,17 +738,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:415
+#: sssd.conf.5.xml:493
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:498
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:423
+#: sssd.conf.5.xml:501
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -656,19 +756,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478
-#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289
-#: sssd-ldap.5.xml:1219
+#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556
+#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428
+#: sssd-ldap.5.xml:1237
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278
+#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417
msgid "force_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420
msgid ""
"If a service is not responding to ping checks (see the <quote>timeout</"
"quote> option), it is first sent the SIGTERM signal that instructs it to "
@@ -678,12 +778,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:451
+#: sssd.conf.5.xml:529
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:454
+#: sssd.conf.5.xml:532
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -691,117 +791,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:461
+#: sssd.conf.5.xml:539
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:464
+#: sssd.conf.5.xml:542
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:469
+#: sssd.conf.5.xml:547
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:472
+#: sssd.conf.5.xml:550
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:483
-msgid "subdomain_inherit (string)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:486
-msgid ""
-"Specifies a list of configuration parameters that should be inherited by a "
-"subdomain. Please note that only selected parameters can be inherited. "
-"Currently the following options can be inherited:"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:492
-msgid "ignore_group_members"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:495
-msgid "ldap_purge_cache_timeout"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036
-msgid "ldap_use_tokengroups"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:501
-msgid "ldap_user_principal"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:506
-#, no-wrap
-msgid ""
-"subdomain_inherit = ldap_purge_cache_timeout\n"
-" "
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504
-msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987
-#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775
-msgid "Default: none"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:518
+#: sssd.conf.5.xml:564
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:566
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:525
+#: sssd.conf.5.xml:571
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:528
+#: sssd.conf.5.xml:574
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:578
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:583
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:586
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -809,7 +857,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:592
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -819,7 +867,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:556
+#: sssd.conf.5.xml:602
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -828,17 +876,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -846,60 +894,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059
+#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:629
+msgid "local_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:632
+msgid ""
+"Specifies for how many seconds nss_sss should keep local users and groups in "
+"negative cache before trying to look it up in the back end again."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:642
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:645
msgid ""
-"Exclude certain users from being fetched from the sss NSS database. This is "
-"particularly useful for system accounts. This option can also be set per-"
-"domain or include fully-qualified names to filter only users from the "
-"particular domain."
+"Exclude certain users or groups from being fetched from the sss NSS "
+"database. This is particularly useful for system accounts. This option can "
+"also be set per-domain or include fully-qualified names to filter only users "
+"from the particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:593
+#: sssd.conf.5.xml:652
+msgid ""
+"NOTE: The filter_groups option doesn't affect inheritance of nested group "
+"members, since filtering happens after they are propagated for returning via "
+"NSS. E.g. a group having a member group filtered out will still have the "
+"member users of the latter listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:660
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:598
+#: sssd.conf.5.xml:665
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:601
+#: sssd.conf.5.xml:668
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:612
+#: sssd.conf.5.xml:679
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:615
+#: sssd.conf.5.xml:682
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:620
+#: sssd.conf.5.xml:687
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:626
+#: sssd.conf.5.xml:693
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -907,23 +981,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -931,47 +1005,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:712
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:651
+#: sssd.conf.5.xml:718
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:721
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:724
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:661
+#: sssd.conf.5.xml:728
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:733
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:738
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:674
+#: sssd.conf.5.xml:741
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -979,103 +1053,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:748
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:751
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:688
+#: sssd.conf.5.xml:755
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:760
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:763
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:701
+#: sssd.conf.5.xml:768
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:771
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:708
+#: sssd.conf.5.xml:775
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:713
+#: sssd.conf.5.xml:780
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:716
+#: sssd.conf.5.xml:783
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:722
+#: sssd.conf.5.xml:789
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:729 sssd.conf.5.xml:915
+#: sssd.conf.5.xml:796 sssd.conf.5.xml:988
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd.conf.5.xml:918
+#: sssd.conf.5.xml:799 sssd.conf.5.xml:991
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:808
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:744
+#: sssd.conf.5.xml:811
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
-"valid"
+"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706
msgid "Default: 300"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:818
+msgid ""
+"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
+"client applications will not use the fast in-memory cache."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:829
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1086,72 +1167,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:842
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:774
+#: sssd.conf.5.xml:847
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:781
+#: sssd.conf.5.xml:854
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:856
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:788
+#: sssd.conf.5.xml:861
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:791
+#: sssd.conf.5.xml:864
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796 sssd.conf.5.xml:809
+#: sssd.conf.5.xml:869 sssd.conf.5.xml:882
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:875
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:805
+#: sssd.conf.5.xml:878
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:815
+#: sssd.conf.5.xml:888
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:818
+#: sssd.conf.5.xml:891
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:896
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1159,59 +1240,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:829 sssd.conf.5.xml:882
+#: sssd.conf.5.xml:902 sssd.conf.5.xml:955
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:908
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:911
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:843
+#: sssd.conf.5.xml:916
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:846
+#: sssd.conf.5.xml:919
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:849
+#: sssd.conf.5.xml:922
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:926
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:856
+#: sssd.conf.5.xml:929
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:860 sssd.8.xml:63
+#: sssd.conf.5.xml:933 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:938
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:941
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1219,7 +1300,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:947
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1228,17 +1309,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:888
+#: sssd.conf.5.xml:961
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:894
+#: sssd.conf.5.xml:967
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1246,117 +1327,183 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495
+#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:905
+#: sssd.conf.5.xml:978
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:1000
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:1003
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
-"allowed to access the PAM responder. User names are resolved to UIDs at "
+"allowed to run PAM conversations against trusted domains. Users not "
+"included in this list can only access domains marked as public with "
+"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
"startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
-msgid "Default: all (All users are allowed to access the PAM responder)"
+#: sssd.conf.5.xml:1013
+msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940
+#: sssd.conf.5.xml:1017
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:1024
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:1027
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:954
+#: sssd.conf.5.xml:1031
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:1035
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:962
+#: sssd.conf.5.xml:1039
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793
+msgid "Default: none"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:1048
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:974
+#: sssd.conf.5.xml:1051
msgid ""
-"If user is authenticating using SSH keys and account is expired then by "
-"default 'Permission denied' is output. This output will be changed to "
-"content of this variable if it is set."
+"Allows a custom expiration message to be set, replacing the default "
+"'Permission denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1056
+msgid ""
+"Note: Please be aware that message is only printed for the SSH service "
+"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1064
#, no-wrap
msgid ""
-"pam_account_expired_message = Account expired, please call help desk.\n"
+"pam_account_expired_message = Account expired, please contact help desk.\n"
" "
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1073
+msgid "pam_account_locked_message (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1076
+msgid ""
+"Allows a custom lockout message to be set, replacing the default 'Permission "
+"denied' message."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:1083
+#, no-wrap
+msgid ""
+"pam_account_locked_message = Account locked, please contact help desk.\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1092
+msgid "pam_cert_auth (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1095
+msgid ""
+"Enable certificate based Smartcard authentication. Since this requires "
+"additional communication with the Smartcard which will delay the "
+"authentication process this option is disabled by default."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866
+#: include/ldap_id_mapping.xml:244
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1106
+msgid "pam_cert_db_path (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1109
+msgid ""
+"The path to the certificate database which contain the PKCS#11 modules to "
+"access the Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1113
+msgid "Default: /etc/pki/nssdb (NSS version)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1118
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1121
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1134
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1010
+#: sssd.conf.5.xml:1136
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1367,34 +1514,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1153
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:1156
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1043
+#: sssd.conf.5.xml:1169
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1171
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1175
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1178
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1402,68 +1549,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1068
+#: sssd.conf.5.xml:1194
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1196
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1200
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1203
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1212
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1215
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1093
+#: sssd.conf.5.xml:1219
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1098
+#: sssd.conf.5.xml:1224
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1227
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1106
+#: sssd.conf.5.xml:1232
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1114
+#: sssd.conf.5.xml:1240
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1242
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1475,7 +1622,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1125
+#: sssd.conf.5.xml:1251
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1486,24 +1633,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1511,12 +1658,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1524,25 +1671,37 @@ msgid ""
"to the list of allowed UIDs as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1291
+msgid "pac_lifetime (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1294
+msgid ""
+"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
+"data can be used to determine the group memberships of a user."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1309
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1177
+#: sssd.conf.5.xml:1316
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1180
+#: sssd.conf.5.xml:1319
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1185
+#: sssd.conf.5.xml:1324
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1551,46 +1710,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1331
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1335
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1202
+#: sssd.conf.5.xml:1341
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1205
+#: sssd.conf.5.xml:1344
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1209
+#: sssd.conf.5.xml:1348
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1212
+#: sssd.conf.5.xml:1351
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1218
+#: sssd.conf.5.xml:1357
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1602,14 +1761,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1231
+#: sssd.conf.5.xml:1370
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1375
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1618,39 +1777,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1244
+#: sssd.conf.5.xml:1383
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1252
+#: sssd.conf.5.xml:1391
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1398
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1260
+#: sssd.conf.5.xml:1399
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1402
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1403
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1255
+#: sssd.conf.5.xml:1394
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1659,19 +1818,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1434
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1437
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1302
+#: sssd.conf.5.xml:1441
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1682,151 +1841,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1454
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1460
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1463
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354
-#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394
-#: sssd.conf.5.xml:1408
+#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533
+#: sssd.conf.5.xml:1547
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1334
+#: sssd.conf.5.xml:1473
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1337
+#: sssd.conf.5.xml:1476
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1347
+#: sssd.conf.5.xml:1486
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1489
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1360
+#: sssd.conf.5.xml:1499
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1502
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1373
+#: sssd.conf.5.xml:1512
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1376
+#: sssd.conf.5.xml:1515
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1525
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1389
+#: sssd.conf.5.xml:1528
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:1539
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1403
+#: sssd.conf.5.xml:1542
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1553
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1417
+#: sssd.conf.5.xml:1556
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1561
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1426
+#: sssd.conf.5.xml:1565
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1436
+#: sssd.conf.5.xml:1575
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1578
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1443
+#: sssd.conf.5.xml:1582
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1453
+#: sssd.conf.5.xml:1592
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1456
+#: sssd.conf.5.xml:1595
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -1834,24 +1993,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1463
+#: sssd.conf.5.xml:1602
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1468
+#: sssd.conf.5.xml:1607
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1613
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1477
+#: sssd.conf.5.xml:1616
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1860,17 +2019,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1484
+#: sssd.conf.5.xml:1623
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1489
+#: sssd.conf.5.xml:1628
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1500
+#: sssd.conf.5.xml:1639
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1879,33 +2038,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1507
+#: sssd.conf.5.xml:1646
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1513
+#: sssd.conf.5.xml:1652
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1516
+#: sssd.conf.5.xml:1655
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1520
+#: sssd.conf.5.xml:1659
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660
+#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1527
+#: sssd.conf.5.xml:1666
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -1913,8 +2072,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695
-#: sssd.conf.5.xml:1748
+#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834
+#: sssd.conf.5.xml:1897
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1923,8 +2082,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704
-#: sssd.conf.5.xml:1757
+#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1906
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1932,19 +2091,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1555
+#: sssd.conf.5.xml:1694
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1697
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1563
+#: sssd.conf.5.xml:1702
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1953,7 +2112,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1710
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -1961,22 +2120,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1717
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1584
+#: sssd.conf.5.xml:1723
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1726
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1590
+#: sssd.conf.5.xml:1729
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -1988,7 +2147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608
+#: sssd.conf.5.xml:1747
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -1996,19 +2155,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1619
+#: sssd.conf.5.xml:1758
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1761
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688
+#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2016,7 +2175,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1633
+#: sssd.conf.5.xml:1772
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2024,30 +2183,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1657
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1664
+#: sssd.conf.5.xml:1803
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1806
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1812
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1815
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2055,19 +2214,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1682
+#: sssd.conf.5.xml:1821
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1824
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1712
+#: sssd.conf.5.xml:1851
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2076,24 +2235,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1719
+#: sssd.conf.5.xml:1858
+msgid ""
+"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
+"citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1865
+msgid "<quote>proxy</quote> for relaying access control to another PAM module."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1868
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1873
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1727
+#: sssd.conf.5.xml:1876
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1732
+#: sssd.conf.5.xml:1881
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2101,7 +2273,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1740
+#: sssd.conf.5.xml:1889
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2109,35 +2281,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1914
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1769
+#: sssd.conf.5.xml:1918
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1772
+#: sssd.conf.5.xml:1921
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1779
+#: sssd.conf.5.xml:1928
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1931
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1935
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2145,32 +2317,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1794
+#: sssd.conf.5.xml:1943
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1798
+#: sssd.conf.5.xml:1947
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1802
+#: sssd.conf.5.xml:1951
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915
-#: sssd.conf.5.xml:1940
+#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073
+#: sssd.conf.5.xml:2098
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1809
+#: sssd.conf.5.xml:1958
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2181,12 +2353,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1826
+#: sssd.conf.5.xml:1975
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1829
+#: sssd.conf.5.xml:1978
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2194,7 +2366,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1984
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2202,31 +2374,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1843
+#: sssd.conf.5.xml:1992
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1846
+#: sssd.conf.5.xml:1995
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1852
+#: sssd.conf.5.xml:2001
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1855
+#: sssd.conf.5.xml:2004
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1861
+#: sssd.conf.5.xml:2010
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2234,7 +2406,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1870
+#: sssd.conf.5.xml:2019
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2243,23 +2415,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1879
+#: sssd.conf.5.xml:2028
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2039
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1893
+#: sssd.conf.5.xml:2042
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:2046
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2267,7 +2439,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:2053
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2275,24 +2447,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:2061
+msgid ""
+"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
+"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring the AD provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2070
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1922
+#: sssd.conf.5.xml:2080
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1925
+#: sssd.conf.5.xml:2083
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2087
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2300,12 +2480,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2095
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1950
+#: sssd.conf.5.xml:2108
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2315,7 +2495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1959
+#: sssd.conf.5.xml:2117
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2324,29 +2504,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2122
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:2125
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:2128
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1973
+#: sssd.conf.5.xml:2131
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1978
+#: sssd.conf.5.xml:2136
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2354,7 +2534,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1984
+#: sssd.conf.5.xml:2142
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2362,66 +2542,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1991
+#: sssd.conf.5.xml:2149
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2196
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2044
+#: sssd.conf.5.xml:2202
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2205
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2051
+#: sssd.conf.5.xml:2209
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2054
+#: sssd.conf.5.xml:2212
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2057
+#: sssd.conf.5.xml:2215
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2060
+#: sssd.conf.5.xml:2218
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2063
+#: sssd.conf.5.xml:2221
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2066
+#: sssd.conf.5.xml:2224
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2072
+#: sssd.conf.5.xml:2230
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2075
+#: sssd.conf.5.xml:2233
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2429,70 +2609,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245
-#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263
+#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2087
+#: sssd.conf.5.xml:2245
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2090
+#: sssd.conf.5.xml:2248
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2094
+#: sssd.conf.5.xml:2252
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2258
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2261
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2267
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2117
+#: sssd.conf.5.xml:2275
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2120
+#: sssd.conf.5.xml:2278
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2284
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2128
+#: sssd.conf.5.xml:2286
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2290
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2135
+#: sssd.conf.5.xml:2293
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2500,7 +2680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2112
+#: sssd.conf.5.xml:2270
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2508,41 +2688,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2305
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2153
-msgid "proxy_fast_alias (boolean)"
+#: sssd.conf.5.xml:2311
+msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2314
msgid ""
-"When a user or group is looked up by name in the proxy provider, a second "
-"lookup by ID is performed to \"canonicalize\" the name in case the requested "
-"name was an alias. Setting this option to true would cause the SSSD to "
-"perform the ID lookup from cache for performance reasons."
+"Specifies a list of configuration parameters that should be inherited by a "
+"subdomain. Please note that only selected parameters can be inherited. "
+"Currently the following options can be inherited:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2320
+msgid "ignore_group_members"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2323
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054
+msgid "ldap_use_tokengroups"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2329
+msgid "ldap_user_principal"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2332
+msgid ""
+"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
+"is not set explicitly)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd.conf.5.xml:2338
+#, no-wrap
+msgid ""
+"subdomain_inherit = ldap_purge_cache_timeout\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2336
+msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2345
+msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2352
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2363
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2364
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2173
+#: sssd.conf.5.xml:2355
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2552,34 +2776,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2187
+#: sssd.conf.5.xml:2369
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2191
+#: sssd.conf.5.xml:2373
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2196
+#: sssd.conf.5.xml:2378
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2199
+#: sssd.conf.5.xml:2381
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2205
+#: sssd.conf.5.xml:2387
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2208
+#: sssd.conf.5.xml:2390
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2587,12 +2811,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2214
+#: sssd.conf.5.xml:2396
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2218
+#: sssd.conf.5.xml:2400
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2600,7 +2824,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1311
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2608,49 +2832,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2418
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2421
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2242
+#: sssd.conf.5.xml:2424
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2250
+#: sssd.conf.5.xml:2432
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2253
+#: sssd.conf.5.xml:2435
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2445
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2448
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2232
+#: sssd.conf.5.xml:2414
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2265
+#: sssd.conf.5.xml:2465
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2267
+#: sssd.conf.5.xml:2467
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2658,73 +2896,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2474
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2477
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2481
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2286
+#: sssd.conf.5.xml:2486
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2289
+#: sssd.conf.5.xml:2489
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2294
+#: sssd.conf.5.xml:2494
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2299
+#: sssd.conf.5.xml:2499
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2302
+#: sssd.conf.5.xml:2502
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2311
+#: sssd.conf.5.xml:2511
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2514
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2523
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2326
+#: sssd.conf.5.xml:2526
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2732,17 +2970,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2334
+#: sssd.conf.5.xml:2534
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2339
+#: sssd.conf.5.xml:2539
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2342
+#: sssd.conf.5.xml:2542
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2751,17 +2989,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2552
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2557
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2560
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2769,17 +3007,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2367
+#: sssd.conf.5.xml:2567
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2372
+#: sssd.conf.5.xml:2572
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#: sssd.conf.5.xml:2575
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2787,19 +3025,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2381
+#: sssd.conf.5.xml:2581
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564
+#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131
+#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2397
+#: sssd.conf.5.xml:2597
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2829,7 +3067,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2393
+#: sssd.conf.5.xml:2593
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2875,7 +3113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2975,8 +3213,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212
-#: sss_override.8.xml:99 sss_override.8.xml:167
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220
+#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3265,14 +3503,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126
+#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144
msgid "Default: modifyTimestamp"
msgstr ""
@@ -3667,8 +3905,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077
-#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
@@ -3872,19 +4110,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:945
-msgid "ldap_group_nesting_level (integer)"
+msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:948
msgid ""
+"The LDAP attribute that references group members that are defined in an "
+"external domain. At the moment, only IPA's external members are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:954
+msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:961
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:964
+msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:955
+#: sssd-ldap.5.xml:971
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -3894,26 +4149,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:964
+#: sssd-ldap.5.xml:980
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
-"at all. However, when connected to Active-Directory Server 2008 and later it "
-"is furthermore required to disable usage of Token-Groups by setting "
-"ldap_use_tokengroups to false."
+"at all. However, when connected to Active-Directory Server 2008 and later "
+"using <quote>id_provider=ad</quote> it is furthermore required to disable "
+"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
+"restrict group nesting."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:971
+#: sssd-ldap.5.xml:989
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:995
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:980
+#: sssd-ldap.5.xml:998
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -3921,14 +4177,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:986
+#: sssd-ldap.5.xml:1004
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018
+#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -3936,7 +4192,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024
+#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -3944,19 +4200,13 @@ msgid ""
"for more details."
msgstr ""
-#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321
-#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242
-msgid "Default: False"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1009
+#: sssd-ldap.5.xml:1027
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1012
+#: sssd-ldap.5.xml:1030
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -3964,168 +4214,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039
+#: sssd-ldap.5.xml:1057
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1062
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1050
+#: sssd-ldap.5.xml:1068
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1053
+#: sssd-ldap.5.xml:1071
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1056
+#: sssd-ldap.5.xml:1074
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1078
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1084
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069
+#: sssd-ldap.5.xml:1087
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1091
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1083
+#: sssd-ldap.5.xml:1101
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1086
+#: sssd-ldap.5.xml:1104
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1108
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1112
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1118
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1121
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123
+#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1110
+#: sssd-ldap.5.xml:1128
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1134
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1150
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1135
+#: sssd-ldap.5.xml:1153
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1156
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1144
+#: sssd-ldap.5.xml:1162
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1165
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1175
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1178
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1182
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1170
+#: sssd-ldap.5.xml:1188
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1191
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1177
+#: sssd-ldap.5.xml:1195
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1201
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1206
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1209
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4133,7 +4383,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1215
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4141,12 +4391,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1209
+#: sssd-ldap.5.xml:1227
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1230
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4154,12 +4404,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1243
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1246
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4170,12 +4420,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1251
+#: sssd-ldap.5.xml:1269
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1254
+#: sssd-ldap.5.xml:1272
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4184,12 +4434,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1287
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1272
+#: sssd-ldap.5.xml:1290
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4198,34 +4448,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349
+#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1304
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1307
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1294
+#: sssd-ldap.5.xml:1312
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1318
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1321
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4233,14 +4483,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1309
+#: sssd-ldap.5.xml:1327
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1315
+#: sssd-ldap.5.xml:1333
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4248,17 +4498,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1327
+#: sssd-ldap.5.xml:1345
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1330
+#: sssd-ldap.5.xml:1348
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1333
+#: sssd-ldap.5.xml:1351
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4268,12 +4518,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1366
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1369
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4281,17 +4531,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1375
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1382
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367
+#: sssd-ldap.5.xml:1385
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4299,13 +4549,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1391
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1395
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4314,7 +4564,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1385
+#: sssd-ldap.5.xml:1403
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4322,26 +4572,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1416
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1401
+#: sssd-ldap.5.xml:1419
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1407
+#: sssd-ldap.5.xml:1425
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1429
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4349,7 +4599,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1418
+#: sssd-ldap.5.xml:1436
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4357,7 +4607,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1424
+#: sssd-ldap.5.xml:1442
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4365,41 +4615,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1448
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1452
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1440
+#: sssd-ldap.5.xml:1458
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1461
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1458
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4408,32 +4658,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1491
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1476
+#: sssd-ldap.5.xml:1494
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1504
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1507
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1498
+#: sssd-ldap.5.xml:1516
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1501
+#: sssd-ldap.5.xml:1519
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4441,24 +4691,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1514
+#: sssd-ldap.5.xml:1532
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1535
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1527
+#: sssd-ldap.5.xml:1545
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1530
+#: sssd-ldap.5.xml:1548
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4466,17 +4716,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1536
+#: sssd-ldap.5.xml:1554
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1564
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1567
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4487,29 +4737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1579
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1585
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1588
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1598
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1601
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4518,17 +4768,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1609
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1600
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4536,49 +4786,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1606
+#: sssd-ldap.5.xml:1624
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1612
+#: sssd-ldap.5.xml:1630
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1633
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1620
+#: sssd-ldap.5.xml:1638
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1626
+#: sssd-ldap.5.xml:1644
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1629
+#: sssd-ldap.5.xml:1647
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1632
+#: sssd-ldap.5.xml:1650
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1638
+#: sssd-ldap.5.xml:1656
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1641
+#: sssd-ldap.5.xml:1659
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4586,27 +4836,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1653
+#: sssd-ldap.5.xml:1671
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1674
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783
+#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1687
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4618,7 +4868,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4626,7 +4876,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4634,39 +4884,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1698
+#: sssd-ldap.5.xml:1716
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1719
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1710
+#: sssd-ldap.5.xml:1728
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4676,7 +4926,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4684,26 +4934,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1750
+#: sssd-ldap.5.xml:1768
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1753
+#: sssd-ldap.5.xml:1771
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1776
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1763
+#: sssd-ldap.5.xml:1781
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -4711,7 +4961,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1787
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4719,31 +4969,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1796
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1786
+#: sssd-ldap.5.xml:1804
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1807
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1793
+#: sssd-ldap.5.xml:1811
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1816
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -4752,56 +5002,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1812
+#: sssd-ldap.5.xml:1830
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1833
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1837
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1843
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1828
+#: sssd-ldap.5.xml:1846
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1833
+#: sssd-ldap.5.xml:1851
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1839
+#: sssd-ldap.5.xml:1857
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1842
+#: sssd-ldap.5.xml:1860
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:1872
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1857
+#: sssd-ldap.5.xml:1875
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -4817,12 +5067,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877
+#: sssd-ldap.5.xml:1895
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1880
+#: sssd-ldap.5.xml:1898
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4831,14 +5081,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1884
+#: sssd-ldap.5.xml:1902
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1889
+#: sssd-ldap.5.xml:1907
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4847,24 +5097,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1903
+#: sssd-ldap.5.xml:1921
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1924
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1910
+#: sssd-ldap.5.xml:1928
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4872,19 +5122,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1917
+#: sssd-ldap.5.xml:1935
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1938
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1943
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4893,7 +5143,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1950
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4901,7 +5151,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1938
+#: sssd-ldap.5.xml:1956
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4910,7 +5160,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1947
+#: sssd-ldap.5.xml:1965
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -4918,22 +5168,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1960
+#: sssd-ldap.5.xml:1978
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1981
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1967
+#: sssd-ldap.5.xml:1985
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1970
+#: sssd-ldap.5.xml:1988
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4943,14 +5193,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:1998
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1987
+#: sssd-ldap.5.xml:2005
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -4963,12 +5213,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2004
+#: sssd-ldap.5.xml:2022
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2026
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -4978,7 +5228,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2036
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -4988,49 +5238,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2026
+#: sssd-ldap.5.xml:2044
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2030
+#: sssd-ldap.5.xml:2048
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2053
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2040
+#: sssd-ldap.5.xml:2058
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2044
+#: sssd-ldap.5.xml:2062
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2047
+#: sssd-ldap.5.xml:2065
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2054
+#: sssd-ldap.5.xml:2072
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2075
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5039,74 +5289,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2065
+#: sssd-ldap.5.xml:2083
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2068
+#: sssd-ldap.5.xml:2086
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2092
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2077
+#: sssd-ldap.5.xml:2095
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2082
+#: sssd-ldap.5.xml:2100
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2086
+#: sssd-ldap.5.xml:2104
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2091
+#: sssd-ldap.5.xml:2109
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2114
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2101
+#: sssd-ldap.5.xml:2119
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2109
+#: sssd-ldap.5.xml:2127
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2112
+#: sssd-ldap.5.xml:2130
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2134
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5117,7 +5367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2145
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5125,24 +5375,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2142
+#: sssd-ldap.5.xml:2160
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2146
+#: sssd-ldap.5.xml:2164
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2150
+#: sssd-ldap.5.xml:2168
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5157,12 +5407,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2178
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2162
+#: sssd-ldap.5.xml:2180
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5170,208 +5420,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2191
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2176
+#: sssd-ldap.5.xml:2194
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2179
+#: sssd-ldap.5.xml:2197
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2185
+#: sssd-ldap.5.xml:2203
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2188
+#: sssd-ldap.5.xml:2206
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2216
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2201
+#: sssd-ldap.5.xml:2219
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2205
+#: sssd-ldap.5.xml:2223
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2211
+#: sssd-ldap.5.xml:2229
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2214
+#: sssd-ldap.5.xml:2232
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2237
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2225
+#: sssd-ldap.5.xml:2243
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2228
+#: sssd-ldap.5.xml:2246
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2250
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2238
+#: sssd-ldap.5.xml:2256
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2241
+#: sssd-ldap.5.xml:2259
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2251
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2254
+#: sssd-ldap.5.xml:2272
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2258
+#: sssd-ldap.5.xml:2276
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2264
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2285
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2271
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2277
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2284
+#: sssd-ldap.5.xml:2302
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2290
+#: sssd-ldap.5.xml:2308
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2311
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2304
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2307
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2317
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2320
+#: sssd-ldap.5.xml:2338
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2343
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2330
+#: sssd-ldap.5.xml:2348
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2336
+#: sssd-ldap.5.xml:2354
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2339
+#: sssd-ldap.5.xml:2357
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5379,101 +5629,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2345
+#: sssd-ldap.5.xml:2363
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2373
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2358
+#: sssd-ldap.5.xml:2376
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2369
+#: sssd-ldap.5.xml:2387
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2372
+#: sssd-ldap.5.xml:2390
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2377
+#: sssd-ldap.5.xml:2395
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2459
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410
+#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2411
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2396
+#: sssd-ldap.5.xml:2414
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2401
+#: sssd-ldap.5.xml:2419
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2416
+#: sssd-ldap.5.xml:2434
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2419
+#: sssd-ldap.5.xml:2437
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2434
+#: sssd-ldap.5.xml:2452
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2437
+#: sssd-ldap.5.xml:2455
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2453
+#: sssd-ldap.5.xml:2471
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5482,110 +5732,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2463
+#: sssd-ldap.5.xml:2481
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2483
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2474
+#: sssd-ldap.5.xml:2492
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2477
+#: sssd-ldap.5.xml:2495
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2502
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2487
+#: sssd-ldap.5.xml:2505
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2490
+#: sssd-ldap.5.xml:2508
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2497
+#: sssd-ldap.5.xml:2515
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2518
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2503
+#: sssd-ldap.5.xml:2521
msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2529
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2514
+#: sssd-ldap.5.xml:2532
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2537
#, fuzzy
#| msgid "Default: 3"
msgid "Default: automount"
msgstr "默认: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2526
+#: sssd-ldap.5.xml:2544
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544
+#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2533
+#: sssd-ldap.5.xml:2551
msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2541
+#: sssd-ldap.5.xml:2559
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2548
+#: sssd-ldap.5.xml:2566
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2469
+#: sssd-ldap.5.xml:2487
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5594,32 +5844,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2558
+#: sssd-ldap.5.xml:2576
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2565
+#: sssd-ldap.5.xml:2583
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2570
+#: sssd-ldap.5.xml:2588
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2575
+#: sssd-ldap.5.xml:2593
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2580
+#: sssd-ldap.5.xml:2598
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2582
+#: sssd-ldap.5.xml:2600
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5628,22 +5878,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2589
+#: sssd-ldap.5.xml:2607
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2609
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2596
+#: sssd-ldap.5.xml:2614
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2578
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5652,7 +5902,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2613
+#: sssd-ldap.5.xml:2631
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5660,7 +5910,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2619
+#: sssd-ldap.5.xml:2637
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5673,26 +5923,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
+#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2648
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2632
+#: sssd-ldap.5.xml:2650
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2637
+#: sssd-ldap.5.xml:2655
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5708,13 +5958,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2654
+#: sssd-ldap.5.xml:2672
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -5749,11 +5999,12 @@ msgid ""
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
-"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>"
+"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
+"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:54
+#: pam_sss.8.xml:57
msgid ""
"<command>pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
@@ -5761,34 +6012,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:64
+#: pam_sss.8.xml:67
msgid "<option>quiet</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:67
+#: pam_sss.8.xml:70
msgid "Suppress log messages for unknown users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:72
+#: pam_sss.8.xml:75
msgid "<option>forward_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:75
+#: pam_sss.8.xml:78
msgid ""
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:82
+#: pam_sss.8.xml:85
msgid "<option>use_first_pass</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:85
+#: pam_sss.8.xml:88
msgid ""
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
@@ -5796,31 +6047,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:93
+#: pam_sss.8.xml:96
msgid "<option>use_authtok</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:96
+#: pam_sss.8.xml:99
msgid ""
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:103
+#: pam_sss.8.xml:106
msgid "<option>retry=N</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:106
+#: pam_sss.8.xml:109
msgid ""
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:108
+#: pam_sss.8.xml:111
msgid ""
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
@@ -5828,36 +6079,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:117
+#: pam_sss.8.xml:120
msgid "<option>ignore_unknown_user</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:120
+#: pam_sss.8.xml:123
msgid ""
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:127
+#: pam_sss.8.xml:130
msgid "<option>ignore_authinfo_unavail</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:131
+#: pam_sss.8.xml:134
msgid ""
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: pam_sss.8.xml:138
+#: pam_sss.8.xml:141
msgid "<option>domains</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:142
+#: pam_sss.8.xml:145
msgid ""
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
@@ -5865,7 +6116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: pam_sss.8.xml:148
+#: pam_sss.8.xml:151
msgid ""
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
@@ -5874,25 +6125,56 @@ msgid ""
"responder options."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:165
+msgid "<option>allow_missing_name</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:169
+msgid ""
+"The main purpose of this option is to let SSSD determine the user name based "
+"on additional information, e.g. the certificate from a Smartcard."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: pam_sss.8.xml:179
+#, no-wrap
+msgid ""
+" auth sufficient pam_sss.so allow_missing_name\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:174
+msgid ""
+"The current use case are login managers which can monitor a Smartcard reader "
+"for card events. In case a Smartcard is inserted the login manager will call "
+"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
+"id=\"0\"/> In this case SSSD will try to determine the user name based on "
+"the content of the Smartcard, returns it to pam_sss which will finally put "
+"it on the PAM stack."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:164
+#: pam_sss.8.xml:191
msgid "MODULE TYPES PROVIDED"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:165
+#: pam_sss.8.xml:192
msgid ""
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: pam_sss.8.xml:171
+#: pam_sss.8.xml:198
msgid "FILES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:172
+#: pam_sss.8.xml:199
msgid ""
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
@@ -5900,7 +6182,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:177
+#: pam_sss.8.xml:204
msgid ""
"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
"filename> where LOC stands for a locale string returned by <citerefentry> "
@@ -5912,7 +6194,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: pam_sss.8.xml:187
+#: pam_sss.8.xml:214
msgid ""
"These files are searched in the directory <filename>/etc/sssd/customize/"
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
@@ -6071,7 +6353,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6219,7 +6501,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714
+#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790
msgid "dyndns_update (boolean)"
msgstr ""
@@ -6227,14 +6509,14 @@ msgstr ""
#: sssd-ipa.5.xml:119
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
-"built into FreeIPA v2 with the IP address of this client. The update is "
-"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used "
-"for the updates, if it is not otherwise specified by using the "
-"<quote>dyndns_iface</quote> option."
+"built into FreeIPA with the IP address of this client. The update is secured "
+"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
+"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
+"quote> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728
+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
@@ -6249,12 +6531,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739
+#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742
+#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -6275,12 +6557,12 @@ msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753
+#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756
+#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -6304,7 +6586,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767
+#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
@@ -6314,7 +6596,7 @@ msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152
+#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160
msgid "Enables DNS sites - location based service discovery."
msgstr ""
@@ -6331,12 +6613,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773
+#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776
+#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -6344,12 +6626,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789
+#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792
+#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
@@ -6368,50 +6650,50 @@ msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803
+#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806
+#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810
+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816
+#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819
+#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829
+#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834
+#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
@@ -6521,7 +6803,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855
+#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -6595,26 +6877,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862
+#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865
+#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869
+#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873
+#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
@@ -6633,7 +6915,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347
+#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355
msgid "Default: 5 (seconds)"
msgstr ""
@@ -6931,13 +7213,14 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ad.5.xml:45
msgid ""
-"The AD provider is able to provide identity information and authentication "
-"for entities from trusted domains as well. Currently only trusted domains in "
-"the same forest are recognized."
+"The AD provider can be used to get user information and authenticate users "
+"from trusted domains. Currently only trusted domains in the same forest are "
+"recognized. In addition servers from trusted domains are always auto-"
+"discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:50
+#: sssd-ad.5.xml:51
msgid ""
"The AD provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -6947,15 +7230,15 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:62
+#: sssd-ad.5.xml:63
msgid ""
"However, it is neither necessary nor recommended to set these options. The "
-"AD provider can also be used as an access, chpass and sudo provider. No "
-"configuration of the access provider is required on the client side."
+"AD provider can also be used as an access, chpass, sudo and autofs provider. "
+"No configuration of the access provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:74
+#: sssd-ad.5.xml:75
#, no-wrap
msgid ""
"ldap_id_mapping = False\n"
@@ -6963,7 +7246,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:68
+#: sssd-ad.5.xml:69
msgid ""
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
@@ -6976,7 +7259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:81
+#: sssd-ad.5.xml:82
msgid ""
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
@@ -6984,53 +7267,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:96
+#: sssd-ad.5.xml:97
msgid "ad_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:99
+#: sssd-ad.5.xml:100
msgid ""
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:104
+#: sssd-ad.5.xml:105
msgid ""
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:109
+#: sssd-ad.5.xml:110
msgid ""
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:116
+#: sssd-ad.5.xml:117
msgid "ad_server, ad_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:119
+#: sssd-ad.5.xml:120
msgid ""
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
-"redundancy, see the <quote>FAILOVER</quote> section. This is optional if "
-"autodiscovery is enabled. For more information on service discovery, refer "
-"to the <quote>SERVICE DISCOVERY</quote> section."
+"redundancy, see the <quote>FAILOVER</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:127
+msgid ""
+"This is optional if autodiscovery is enabled. For more information on "
+"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ad.5.xml:132
+msgid ""
+"Note: Trusted domains will always auto-discover servers even if the primary "
+"server is explicitly defined in the ad_server option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:140
msgid "ad_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:135
+#: sssd-ad.5.xml:143
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
@@ -7038,19 +7333,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:141
+#: sssd-ad.5.xml:149
msgid ""
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:149
+#: sssd-ad.5.xml:157
msgid "ad_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:156
+#: sssd-ad.5.xml:164
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
@@ -7061,12 +7356,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:172
+#: sssd-ad.5.xml:180
msgid "ad_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:175
+#: sssd-ad.5.xml:183
msgid ""
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
@@ -7075,7 +7370,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:183
+#: sssd-ad.5.xml:191
msgid ""
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
@@ -7084,7 +7379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:191
+#: sssd-ad.5.xml:199
msgid ""
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
@@ -7093,14 +7388,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:199
+#: sssd-ad.5.xml:207
msgid ""
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:204
+#: sssd-ad.5.xml:212
msgid ""
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
@@ -7109,7 +7404,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ad.5.xml:215
+#: sssd-ad.5.xml:223
#, no-wrap
msgid ""
"# apply filter on domain called dom1 only:\n"
@@ -7124,29 +7419,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:225 sssd-ad.5.xml:239
+#: sssd-ad.5.xml:233 sssd-ad.5.xml:247
msgid "Default: Not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:231
+#: sssd-ad.5.xml:239
msgid "ad_site (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:234
+#: sssd-ad.5.xml:242
msgid ""
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:245
+#: sssd-ad.5.xml:253
msgid "ad_enable_gc (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:248
+#: sssd-ad.5.xml:256
msgid ""
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
@@ -7155,7 +7450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:256
+#: sssd-ad.5.xml:264
msgid ""
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
@@ -7164,12 +7459,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:270
+#: sssd-ad.5.xml:278
msgid "ad_gpo_access_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:273
+#: sssd-ad.5.xml:281
msgid ""
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
@@ -7179,14 +7474,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:282
+#: sssd-ad.5.xml:290
msgid ""
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:288
+#: sssd-ad.5.xml:296
msgid ""
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
@@ -7199,23 +7494,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:301
+#: sssd-ad.5.xml:309
msgid "There are three supported values for this option:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:305
+#: sssd-ad.5.xml:313
msgid ""
"disabled: GPO-based access control rules are neither evaluated nor enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:311
+#: sssd-ad.5.xml:319
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:317
+#: sssd-ad.5.xml:325
msgid ""
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
@@ -7223,22 +7518,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:328
+#: sssd-ad.5.xml:336
msgid "Default: permissive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:331
+#: sssd-ad.5.xml:339
msgid "Default: enforcing"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:337
+#: sssd-ad.5.xml:345
msgid "ad_gpo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:340
+#: sssd-ad.5.xml:348
msgid ""
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
@@ -7246,12 +7541,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:353
+#: sssd-ad.5.xml:361
msgid "ad_gpo_map_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:356
+#: sssd-ad.5.xml:364
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
@@ -7259,14 +7554,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:362
+#: sssd-ad.5.xml:370
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:376
+#: sssd-ad.5.xml:384
#, no-wrap
msgid ""
"ad_gpo_map_interactive = +my_pam_service, -login\n"
@@ -7274,7 +7569,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:367
+#: sssd-ad.5.xml:375
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7286,53 +7581,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537
-#: sssd-ad.5.xml:603
+#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575
+#: sssd-ad.5.xml:641
msgid "Default: the default set of PAM service names includes:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:384
+#: sssd-ad.5.xml:392
msgid "login"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:389
+#: sssd-ad.5.xml:397
msgid "su"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:394
+#: sssd-ad.5.xml:402
msgid "su-l"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:399
+#: sssd-ad.5.xml:407
msgid "gdm-fingerprint"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:404
+#: sssd-ad.5.xml:412
msgid "gdm-password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:409
+#: sssd-ad.5.xml:417
msgid "gdm-smartcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:414
+#: sssd-ad.5.xml:422
msgid "kdm"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:427
+msgid "lightdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:432
+msgid "lxdm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:437
+msgid "sddm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:442
+msgid "unity"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:447
+msgid "xdm"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:423
+#: sssd-ad.5.xml:456
msgid "ad_gpo_map_remote_interactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:426
+#: sssd-ad.5.xml:459
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
@@ -7340,7 +7660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:432
+#: sssd-ad.5.xml:465
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
@@ -7348,7 +7668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:447
+#: sssd-ad.5.xml:480
#, no-wrap
msgid ""
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
@@ -7356,7 +7676,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:438
+#: sssd-ad.5.xml:471
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7368,17 +7688,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:455
+#: sssd-ad.5.xml:488
msgid "sshd"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:493
+msgid "cockpit"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:464
+#: sssd-ad.5.xml:502
msgid "ad_gpo_map_network (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:467
+#: sssd-ad.5.xml:505
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
@@ -7386,7 +7711,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:473
+#: sssd-ad.5.xml:511
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
@@ -7394,7 +7719,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:488
+#: sssd-ad.5.xml:526
#, no-wrap
msgid ""
"ad_gpo_map_network = +my_pam_service, -ftp\n"
@@ -7402,7 +7727,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:479
+#: sssd-ad.5.xml:517
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7414,22 +7739,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:496
+#: sssd-ad.5.xml:534
msgid "ftp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:501
+#: sssd-ad.5.xml:539
msgid "samba"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:510
+#: sssd-ad.5.xml:548
msgid "ad_gpo_map_batch (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:513
+#: sssd-ad.5.xml:551
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
@@ -7437,14 +7762,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:519
+#: sssd-ad.5.xml:557
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:533
+#: sssd-ad.5.xml:571
#, no-wrap
msgid ""
"ad_gpo_map_batch = +my_pam_service, -crond\n"
@@ -7452,7 +7777,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:524
+#: sssd-ad.5.xml:562
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7464,17 +7789,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:541
+#: sssd-ad.5.xml:579
msgid "crond"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:550
+#: sssd-ad.5.xml:588
msgid "ad_gpo_map_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:553
+#: sssd-ad.5.xml:591
msgid ""
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
@@ -7482,14 +7807,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:559
+#: sssd-ad.5.xml:597
msgid ""
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:572
+#: sssd-ad.5.xml:610
#, no-wrap
msgid ""
"ad_gpo_map_service = +my_pam_service\n"
@@ -7497,7 +7822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:564 sssd-ad.5.xml:634
+#: sssd-ad.5.xml:602 sssd-ad.5.xml:677
msgid ""
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
@@ -7508,19 +7833,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:582
+#: sssd-ad.5.xml:620
msgid "ad_gpo_map_permit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:585
+#: sssd-ad.5.xml:623
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:599
+#: sssd-ad.5.xml:637
#, no-wrap
msgid ""
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
@@ -7528,7 +7853,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:590
+#: sssd-ad.5.xml:628
msgid ""
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
@@ -7540,34 +7865,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:607
+#: sssd-ad.5.xml:645
+msgid "polkit-1"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
+#: sssd-ad.5.xml:650
msgid "sudo"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:612
+#: sssd-ad.5.xml:655
msgid "sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:617
+#: sssd-ad.5.xml:660
msgid "systemd-user"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:626
+#: sssd-ad.5.xml:669
msgid "ad_gpo_map_deny (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:629
+#: sssd-ad.5.xml:672
msgid ""
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-ad.5.xml:642
+#: sssd-ad.5.xml:685
#, no-wrap
msgid ""
"ad_gpo_map_deny = +my_pam_service\n"
@@ -7575,12 +7905,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:652
+#: sssd-ad.5.xml:695
msgid "ad_gpo_default_right (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:655
+#: sssd-ad.5.xml:698
msgid ""
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
@@ -7593,52 +7923,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:668
+#: sssd-ad.5.xml:711
msgid "Supported values for this option include:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:672
+#: sssd-ad.5.xml:715
msgid "interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:677
+#: sssd-ad.5.xml:720
msgid "remote_interactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:682
+#: sssd-ad.5.xml:725
msgid "network"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:687
+#: sssd-ad.5.xml:730
msgid "batch"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:692
+#: sssd-ad.5.xml:735
msgid "service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:697
+#: sssd-ad.5.xml:740
msgid "permit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ad.5.xml:702
+#: sssd-ad.5.xml:745
msgid "deny"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:708
+#: sssd-ad.5.xml:751
msgid "Default: deny"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:757
+msgid "ad_maximum_machine_account_password_age (integer)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:717
+#: sssd-ad.5.xml:760
+msgid ""
+"SSSD will check once a day if the machine account password is older than the "
+"given age in days and try to renew it. A value of 0 will disable the renewal "
+"attempt."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:766
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 30 days"
+msgstr "默认: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ad.5.xml:772
+msgid "ad_machine_account_password_renewal_opts (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:775
+msgid ""
+"This option should only be used to test the machine account renewal task. "
+"The option expect 2 integers seperated by a colon (':'). The first integer "
+"defines the interval in seconds how often the task is run. The second "
+"specifies the inital timeout in seconds before the task is run for the first "
+"time after startup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:784
+msgid "Default: 86400:750 (24h and 15m)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ad.5.xml:793
msgid ""
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
@@ -7649,36 +8019,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:747
+#: sssd-ad.5.xml:823
msgid "Default: 3600 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:763
+#: sssd-ad.5.xml:839
msgid ""
"Default: Use the IP addresses of the interface which is used for AD LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76
+#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76
msgid "Default: True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505
+#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505
msgid "krb5_use_enterprise_principal (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508
+#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508
msgid ""
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:891
+#: sssd-ad.5.xml:967
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -7686,7 +8056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:898
+#: sssd-ad.5.xml:974
#, no-wrap
msgid ""
"[domain/EXAMPLE]\n"
@@ -7701,7 +8071,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ad.5.xml:918
+#: sssd-ad.5.xml:994
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -7710,7 +8080,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:914
+#: sssd-ad.5.xml:990
msgid ""
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
@@ -7718,7 +8088,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ad.5.xml:924
+#: sssd-ad.5.xml:1000
msgid ""
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
@@ -7727,6 +8097,14 @@ msgid ""
"encryption details) manually."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ad.5.xml:1008
+msgid ""
+"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
+"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
+"are included in the default Active Directory schema."
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
msgid "sssd-sudo"
@@ -8185,7 +8563,7 @@ msgid "The password to obfuscate will be read from standard input."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80
+#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
#: sss_ssh_knownhostsproxy.1.xml:78
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
@@ -8244,17 +8622,22 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:37
msgid ""
-"Overrides data are stored in SSSD cache. If the cache is deleted all local "
-"overrides are lost."
+"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
+"local overrides are lost. Please note that after the first override is "
+"created using any of the following <emphasis>user-add</emphasis>, "
+"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
+"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
+"take effect. <emphasis>sss_override</emphasis> prints message when a "
+"restart is required."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:43
+#: sss_override.8.xml:50
msgid "AVAILABLE COMMANDS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:45
+#: sss_override.8.xml:52
msgid ""
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
@@ -8262,50 +8645,80 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:52
+#: sss_override.8.xml:59
msgid ""
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
-"optional>"
+"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
+"CERTIFICATE</optional>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:63
-msgid "Override attributes of an user."
+#: sss_override.8.xml:72
+msgid ""
+"Override attributes of an user. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:69
+#: sss_override.8.xml:80
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:74
-msgid "Remove user overrides."
+#: sss_override.8.xml:85
+msgid ""
+"Remove user overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:94
+msgid ""
+"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:99
+msgid ""
+"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
+"is set, only users from the domain are listed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:80
+#: sss_override.8.xml:107
+msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:112
+msgid "Show user overrides."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:118
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:85
+#: sss_override.8.xml:123
msgid ""
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:90
-msgid "original_name:name:uid:gid:gecos:home:shell"
+#: sss_override.8.xml:128
+msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:93
+#: sss_override.8.xml:131
msgid ""
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8313,29 +8726,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:102
+#: sss_override.8.xml:140
msgid "ckent:superman::::::"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:105
-msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash"
+#: sss_override.8.xml:143
+msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:111
+#: sss_override.8.xml:149
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:116
+#: sss_override.8.xml:154
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:124
+#: sss_override.8.xml:162
msgid ""
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
@@ -8343,39 +8756,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:131
-msgid "Override attributes of a group."
+#: sss_override.8.xml:169
+msgid ""
+"Override attributes of a group. Please be aware that calling this command "
+"will replace any previous override for the (NAMEd) group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:137
+#: sss_override.8.xml:177
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:142
-msgid "Remove group overrides."
+#: sss_override.8.xml:182
+msgid ""
+"Remove group overrides. However be aware that overridden attributes might be "
+"returned from memory cache. Please see SSSD option "
+"<emphasis>memcache_timeout</emphasis> for more details."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:191
+msgid ""
+"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
+"optional>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:196
+msgid ""
+"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
+"parameter is set, only groups from the domain are listed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_override.8.xml:204
+msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_override.8.xml:209
+msgid "Show group overrides."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:148
+#: sss_override.8.xml:215
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:153
+#: sss_override.8.xml:220
msgid ""
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:158
+#: sss_override.8.xml:225
msgid "original_name:name:gid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:161
+#: sss_override.8.xml:228
msgid ""
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
@@ -8383,41 +8825,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:170
+#: sss_override.8.xml:237
msgid "admins:administrators:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:173
+#: sss_override.8.xml:240
msgid "Domain Users:Users:501"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:179
+#: sss_override.8.xml:246
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_override.8.xml:184
+#: sss_override.8.xml:251
msgid ""
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_override.8.xml:194
+#: sss_override.8.xml:261
#, fuzzy
#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
msgstr "选项"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_override.8.xml:196
+#: sss_override.8.xml:263
msgid "Those options are available with all commands."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_override.8.xml:201
+#: sss_override.8.xml:268
#, fuzzy
#| msgid ""
#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
@@ -9564,13 +10006,49 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:185
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:190
+msgid "Invalidate particular sudo rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:196
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-R</option>,<option>--sudo-rules</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:200
+msgid ""
+"Invalidate all cached sudo rules. This option overrides invalidation of "
+"specific sudo rule if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:208
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:213
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10050,13 +10528,13 @@ msgid ""
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
-"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</"
-"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
-"<manvolnum>5</manvolnum></citerefentry> options."
+"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
+"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
+"manvolnum></citerefentry> man page for more details about this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:58
+#: sss_ssh_authorizedkeys.1.xml:59
#, no-wrap
msgid ""
" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
@@ -10064,7 +10542,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:51
+#: sss_ssh_authorizedkeys.1.xml:52
msgid ""
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
@@ -10074,36 +10552,19 @@ msgid ""
"\" id=\"0\"/>"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sss_ssh_authorizedkeys.1.xml:70
-#, no-wrap
-msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:63
-msgid ""
-"If <quote>PubkeyAgent</quote> is supported, "
-"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
-"citerefentry> can be configured to use it by using the following directive "
-"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</"
-"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting"
-"\" id=\"0\"/>"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_ssh_authorizedkeys.1.xml:85
+#: sss_ssh_authorizedkeys.1.xml:75
msgid ""
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92
+#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
msgid "EXIT STATUS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94
+#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
msgid ""
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
msgstr ""
@@ -10490,7 +10951,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189
+#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
msgid "Default: 200000"
msgstr ""
@@ -10547,11 +11008,12 @@ msgstr ""
msgid ""
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
-"<quote>ldap_idmap_range_size</quote> must be at least 1107."
+"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
+"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:184
+#: include/ldap_id_mapping.xml:186
msgid ""
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
@@ -10559,12 +11021,12 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:194
+#: include/ldap_id_mapping.xml:196
msgid "ldap_idmap_default_domain_sid (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:197
+#: include/ldap_id_mapping.xml:199
msgid ""
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
@@ -10572,36 +11034,36 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:208
+#: include/ldap_id_mapping.xml:210
msgid "ldap_idmap_default_domain (string)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:211
+#: include/ldap_id_mapping.xml:213
msgid "Specify the name of the default domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
-#: include/ldap_id_mapping.xml:219
+#: include/ldap_id_mapping.xml:221
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:222
+#: include/ldap_id_mapping.xml:224
msgid ""
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:227
+#: include/ldap_id_mapping.xml:229
msgid ""
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: include/ldap_id_mapping.xml:232
+#: include/ldap_id_mapping.xml:234
msgid ""
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
@@ -10610,13 +11072,34 @@ msgid ""
"least one domain is consistently allocated to slice zero."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:249
+msgid "ldap_idmap_helper_table_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:252
+msgid ""
+"Maximal number of secondary slices that is tried when performing mapping "
+"from UNIX id to SID."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:256
+msgid ""
+"Note: Additional secondary slices might be generated when SID is being "
+"mapped to UNIX id and RID part of SID is out of range for secondary slices "
+"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
+"then no additional secondary slices are generated."
+msgstr ""
+
#. type: Content of: <refsect1><refsect2><title>
-#: include/ldap_id_mapping.xml:251
+#: include/ldap_id_mapping.xml:273
msgid "Well-Known SIDs"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:253
+#: include/ldap_id_mapping.xml:275
msgid ""
"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
@@ -10625,51 +11108,51 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:259
+#: include/ldap_id_mapping.xml:281
msgid ""
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:262
+#: include/ldap_id_mapping.xml:284
msgid "Null Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:263
+#: include/ldap_id_mapping.xml:285
msgid "World Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:264
+#: include/ldap_id_mapping.xml:286
msgid "Local Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:265
+#: include/ldap_id_mapping.xml:287
msgid "Creator Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:266
+#: include/ldap_id_mapping.xml:288
msgid "NT Authority"
msgstr ""
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
-#: include/ldap_id_mapping.xml:267
+#: include/ldap_id_mapping.xml:289
msgid "Built-in"
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:269
+#: include/ldap_id_mapping.xml:291
msgid ""
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: include/ldap_id_mapping.xml:273
+#: include/ldap_id_mapping.xml:295
msgid ""
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
generated by cgit (git 2.34.1) at 2024-06-09 19:23:01 +0000