Diffstat (limited to 'src/man/po/cs.po')
-rw-r--r-- | src/man/po/cs.po | 2621 |
1 files changed, 1548 insertions, 1073 deletions
diff --git a/src/man/po/cs.po b/src/man/po/cs.po index b6bb9e7cb..17737349e 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.12.90\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2015-09-30 11:58+0200\n" +"POT-Creation-Date: 2016-06-20 21:22+0200\n" "PO-Revision-Date: 2014-06-04 02:04-0400\n" "Last-Translator: jhrozek <jhrozek@redhat.com>\n" "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/" @@ -18,7 +18,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" -"X-Generator: Zanata 3.7.2\n" +"X-Generator: Zanata 3.8.4\n" #. type: Content of: <reference><title> #: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 @@ -61,7 +61,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:53 +#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:56 #: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21 #: sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29 sss_obfuscate.8.xml:30 #: sss_override.8.xml:30 sss_useradd.8.xml:30 sssd-krb5.5.xml:21 @@ -80,11 +80,11 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:39 pam_sss.8.xml:60 sssd.8.xml:42 sss_obfuscate.8.xml:58 +#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 #: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 -#: sss_ssh_authorizedkeys.1.xml:76 sss_ssh_knownhostsproxy.1.xml:62 +#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "VOLBY" 
@@ -215,113 +215,128 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> #: sssd.conf.5.xml:73 -msgid "debug_timestamps (bool)" +msgid "debug (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:76 msgid "" +"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias " +"for <replaceable>debug_level</replaceable> as a convenience feature. If both " +"are specified, the value of <replaceable>debug_level</replaceable> will be " +"used." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:86 +msgid "debug_timestamps (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:89 +msgid "" "Add a timestamp to the debug messages. If journald is enabled for SSSD " "debug logging this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:81 sssd.conf.5.xml:605 sssd.conf.5.xml:1081 -#: sssd-ldap.5.xml:1647 sssd-ldap.5.xml:1744 sssd-ldap.5.xml:1806 -#: sssd-ldap.5.xml:2363 sssd-ldap.5.xml:2428 sssd-ldap.5.xml:2446 -#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:166 sssd-ad.5.xml:264 -#: sssd-ad.5.xml:733 sssd-ad.5.xml:852 sssd-krb5.5.xml:499 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:672 sssd.conf.5.xml:1207 +#: sssd-ldap.5.xml:1665 sssd-ldap.5.xml:1762 sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:2381 sssd-ldap.5.xml:2446 sssd-ldap.5.xml:2464 +#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:174 sssd-ad.5.xml:272 +#: sssd-ad.5.xml:809 sssd-ad.5.xml:928 sssd-krb5.5.xml:499 msgid "Default: true" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:86 +#: sssd.conf.5.xml:99 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:89 +#: sssd.conf.5.xml:102 msgid "" "Add microseconds to the timestamp in debug messages. If journald is enabled " "for SSSD debug logging this option is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:94 sssd.conf.5.xml:1035 sssd.conf.5.xml:2164 -#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1521 sssd-ldap.5.xml:1540 -#: sssd-ldap.5.xml:1716 sssd-ldap.5.xml:2133 sssd-ipa.5.xml:139 +#: sssd.conf.5.xml:107 sssd.conf.5.xml:1161 sssd.conf.5.xml:2456 +#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1539 sssd-ldap.5.xml:1558 +#: sssd-ldap.5.xml:1734 sssd-ldap.5.xml:2151 sssd-ipa.5.xml:139 #: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266 #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:67 sssd.conf.5.xml:105 sssd-ldap.5.xml:2171 +#: sssd.conf.5.xml:67 sssd.conf.5.xml:118 sssd-ldap.5.xml:2189 msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:103 +#: sssd.conf.5.xml:116 msgid "Options usable in SERVICE and DOMAIN sections" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:107 +#: sssd.conf.5.xml:120 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:110 +#: sssd.conf.5.xml:123 msgid "" "Timeout in seconds between heartbeats for this service. 
This is used to " "ensure that the process is alive and capable of answering requests." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:115 sssd.conf.5.xml:999 sssd-ldap.5.xml:1392 +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:128 sssd.conf.5.xml:1125 sssd-ldap.5.xml:1410 +#: include/ldap_id_mapping.xml:264 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:125 +#: sssd.conf.5.xml:138 msgid "SPECIAL SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:128 +#: sssd.conf.5.xml:141 msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:137 sssd.conf.5.xml:2272 +#: sssd.conf.5.xml:150 sssd.conf.5.xml:2472 msgid "Section parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:139 +#: sssd.conf.5.xml:152 msgid "config_file_version (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:142 +#: sssd.conf.5.xml:155 msgid "" "Indicates what is the syntax of the config file. SSSD 0.6.0 and later use " "version 2." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:161 msgid "services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:151 +#: sssd.conf.5.xml:164 msgid "" "Comma separated list of services that are started when sssd itself starts." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:155 +#: sssd.conf.5.xml:168 msgid "" "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> " "<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition=" @@ -330,29 +345,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:165 sssd.conf.5.xml:390 +#: sssd.conf.5.xml:178 sssd.conf.5.xml:468 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:168 sssd.conf.5.xml:393 +#: sssd.conf.5.xml:181 sssd.conf.5.xml:471 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:173 sssd.conf.5.xml:398 +#: sssd.conf.5.xml:186 sssd.conf.5.xml:476 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:191 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:181 +#: sssd.conf.5.xml:194 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " 
@@ -362,19 +377,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:193 sssd.conf.5.xml:1947 +#: sssd.conf.5.xml:206 sssd.conf.5.xml:2105 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:209 msgid "" "Default regular expression that describes how to parse the string containing " "user name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:201 +#: sssd.conf.5.xml:214 msgid "" "Each domain can have an individual regular expression configured. For some " "ID providers there are also default regular expressions. See DOMAIN " @@ -382,12 +397,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:210 sssd.conf.5.xml:1998 +#: sssd.conf.5.xml:223 sssd.conf.5.xml:2156 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:213 sssd.conf.5.xml:2001 +#: sssd.conf.5.xml:226 sssd.conf.5.xml:2159 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " 
@@ -395,58 +410,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:224 sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:237 sssd.conf.5.xml:2170 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:225 sssd.conf.5.xml:2013 +#: sssd.conf.5.xml:238 sssd.conf.5.xml:2171 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:228 sssd.conf.5.xml:2016 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:2174 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:231 sssd.conf.5.xml:2019 +#: sssd.conf.5.xml:244 sssd.conf.5.xml:2177 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:237 sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:250 sssd.conf.5.xml:2183 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:2028 +#: sssd.conf.5.xml:253 sssd.conf.5.xml:2186 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:221 sssd.conf.5.xml:2009 +#: sssd.conf.5.xml:234 sssd.conf.5.xml:2167 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:250 +#: sssd.conf.5.xml:263 msgid "" "Each domain can have an individual format string configured. see DOMAIN " "SECTIONS for more info on this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:256 +#: sssd.conf.5.xml:269 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:259 +#: sssd.conf.5.xml:272 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -455,7 +470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:267 +#: sssd.conf.5.xml:280 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " 
@@ -463,69 +478,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:273 +#: sssd.conf.5.xml:286 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:277 +#: sssd.conf.5.xml:290 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:284 +#: sssd.conf.5.xml:297 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:287 +#: sssd.conf.5.xml:300 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:291 +#: sssd.conf.5.xml:304 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:297 +#: sssd.conf.5.xml:310 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 +#: sssd.conf.5.xml:317 msgid "user (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:320 msgid "" "The user to drop the privileges to where appropriate to avoid running as the " "root user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:312 +#: sssd.conf.5.xml:325 msgid "Default: not set, process will run as root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:317 +#: sssd.conf.5.xml:330 msgid "default_domain_suffix (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:320 +#: sssd.conf.5.xml:333 msgid "" "This string will be used as a default domain name for all names without a " "domain name component. The main use case is environments where the primary " @@ -535,7 +550,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:330 +#: sssd.conf.5.xml:343 msgid "" "Please note that if this option is set all users from the primary domain " "have to use their fully qualified name, e.g. user@domain.name, to log in. " 
@@ -545,20 +560,20 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:339 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1480 -#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1574 sssd-ad.5.xml:576 -#: sssd-ad.5.xml:646 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 -#: include/ldap_id_mapping.xml:203 include/ldap_id_mapping.xml:214 +#: sssd.conf.5.xml:352 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1510 sssd-ldap.5.xml:1592 sssd-ad.5.xml:614 +#: sssd-ad.5.xml:689 sssd-krb5.5.xml:410 sssd-krb5.5.xml:550 +#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:344 +#: sssd.conf.5.xml:357 msgid "override_space (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:347 +#: sssd.conf.5.xml:360 msgid "" "This parameter will replace spaces (space bar) with the given character for " "user and group names. e.g. (_). User name "john doe" will be " @@ -568,7 +583,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:369 msgid "" "Please note it is a configuration error to use a replacement character that " "might be used in user or group names. If a name contains the replacement " 
@@ -577,12 +592,97 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:364 +#: sssd.conf.5.xml:377 msgid "Default: not set (spaces will not be replaced)" msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:382 +msgid "certificate_verification (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:390 +msgid "no_ocsp" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:392 +msgid "" +"Disables Online Certificate Status Protocol (OCSP) checks. This might be " +"needed if the OCSP servers defined in the certificate are not reachable from " +"the client." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:400 +msgid "no_verification" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:402 +msgid "" +"Disables verification completely. This option should only be used for " +"testing." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:408 +msgid "ocsp_default_responder=URL" +msgstr "" + +#. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:410 +msgid "" +"Sets the OCSP default responder which should be used instead of the one " +"mentioned in the certificate. URL must be replaced with the URL of the OCSP " +"default responder e.g. http://example.com:80/ocsp." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:416 +msgid "" +"This option must be used together with ocsp_default_responder_signing_cert." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:424 +msgid "ocsp_default_responder_signing_cert=NAME" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:426 +msgid "" +"The nickname of the cert to trust (expected) to sign the OCSP responses. " +"The certificate with the given nickname must be availble in the systems NSS " +"database." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:431 +msgid "This option must be used together with ocsp_default_responder." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:385 +msgid "" +"With this parameter the certificate verification can be tuned with a comma " +"separated list of options. Supported options are: <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. 
type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:438 +msgid "Unknown options are reported but ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:441 +msgid "Default: not set, i.e. do not restrict certificate vertification" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:130 +#: sssd.conf.5.xml:143 msgid "" "Individual pieces of SSSD functionality are provided by special SSSD " "services that are started and stopped together with SSSD. The services are " @@ -593,12 +693,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:375 +#: sssd.conf.5.xml:453 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:377 +#: sssd.conf.5.xml:455 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " 
@@ -607,22 +707,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:384 +#: sssd.conf.5.xml:462 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:386 +#: sssd.conf.5.xml:464 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:403 +#: sssd.conf.5.xml:481 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 +#: sssd.conf.5.xml:484 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -632,17 +732,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:415 +#: sssd.conf.5.xml:493 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:498 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:501 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " 
@@ -650,19 +750,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:430 sssd.conf.5.xml:446 sssd.conf.5.xml:478 -#: sssd.conf.5.xml:736 sssd.conf.5.xml:922 sssd.conf.5.xml:1289 -#: sssd-ldap.5.xml:1219 +#: sssd.conf.5.xml:508 sssd.conf.5.xml:524 sssd.conf.5.xml:556 +#: sssd.conf.5.xml:803 sssd.conf.5.xml:995 sssd.conf.5.xml:1428 +#: sssd-ldap.5.xml:1237 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:435 sssd.conf.5.xml:1278 +#: sssd.conf.5.xml:513 sssd.conf.5.xml:1417 msgid "force_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:438 sssd.conf.5.xml:1281 +#: sssd.conf.5.xml:516 sssd.conf.5.xml:1420 msgid "" "If a service is not responding to ping checks (see the <quote>timeout</" "quote> option), it is first sent the SIGTERM signal that instructs it to " @@ -672,12 +772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:451 +#: sssd.conf.5.xml:529 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:454 +#: sssd.conf.5.xml:532 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. This " 
@@ -685,117 +785,65 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:461 +#: sssd.conf.5.xml:539 msgid "offline_timeout + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:542 msgid "" "The random offset can increment up to 30 seconds. After each unsuccessful " "attempt to go online, the new interval is recalculated by the following:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:469 +#: sssd.conf.5.xml:547 msgid "new_interval = old_interval*2 + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:472 +#: sssd.conf.5.xml:550 msgid "" "Note that the maximum length of each interval is currently limited to one " "hour. If the calculated length of new_interval is greater than an hour, it " "will be forced to one hour." msgstr "" -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:483 -msgid "subdomain_inherit (string)" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 -msgid "" -"Specifies a list of configuration parameters that should be inherited by a " -"subdomain. Please note that only selected parameters can be inherited. " -"Currently the following options can be inherited:" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:492 -msgid "ignore_group_members" -msgstr "" - -#. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 -msgid "ldap_purge_cache_timeout" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:498 sssd-ldap.5.xml:1036 -msgid "ldap_use_tokengroups" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:501 -msgid "ldap_user_principal" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:506 -#, no-wrap -msgid "" -"subdomain_inherit = ldap_purge_cache_timeout\n" -" " -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:504 -msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:510 sssd.conf.5.xml:966 sssd.conf.5.xml:987 -#: sssd.conf.5.xml:1272 sssd-ldap.5.xml:1775 -msgid "Default: none" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:518 +#: sssd.conf.5.xml:564 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:520 +#: sssd.conf.5.xml:566 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:571 msgid "enum_cache_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:574 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:532 +#: sssd.conf.5.xml:578 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:537 +#: sssd.conf.5.xml:583 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:540 +#: sssd.conf.5.xml:586 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -803,7 +851,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:592 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -813,7 +861,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:556 +#: sssd.conf.5.xml:602 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " 
@@ -822,17 +870,17 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:610
 msgid "Default: 50"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:569
+#: sssd.conf.5.xml:615
 msgid "entry_negative_timeout (integer)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:572
+#: sssd.conf.5.xml:618
 msgid ""
 "Specifies for how many seconds nss_sss should cache negative cache hits "
 "(that is, queries for invalid database entries, like nonexistent ones) "
@@ -840,60 +888,86 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:578 sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:624 sssd.conf.5.xml:1185 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:583 +#: sssd.conf.5.xml:629 +msgid "local_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:632 +msgid "" +"Specifies for how many seconds nss_sss should keep local users and groups in " +"negative cache before trying to look it up in the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:637 sssd.conf.5.xml:983 sssd.conf.5.xml:2406 sssd.8.xml:79 +msgid "Default: 0" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:642 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:586 +#: sssd.conf.5.xml:645 +msgid "" +"Exclude certain users or groups from being fetched from the sss NSS " +"database. This is particularly useful for system accounts. This option can " +"also be set per-domain or include fully-qualified names to filter only users " +"from the particular domain." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:652 msgid "" -"Exclude certain users from being fetched from the sss NSS database. This is " -"particularly useful for system accounts. This option can also be set per-" -"domain or include fully-qualified names to filter only users from the " -"particular domain." 
+"NOTE: The filter_groups option doesn't affect inheritance of nested group " +"members, since filtering happens after they are propagated for returning via " +"NSS. E.g. a group having a member group filtered out will still have the " +"member users of the latter listed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:593 +#: sssd.conf.5.xml:660 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:598 +#: sssd.conf.5.xml:665 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:668 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:612 +#: sssd.conf.5.xml:679 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:615 +#: sssd.conf.5.xml:682 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:620 +#: sssd.conf.5.xml:687 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:626 +#: sssd.conf.5.xml:693 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" 
@@ -901,23 +975,23 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:624 sssd.conf.5.xml:981 sssd-krb5.5.xml:533
-#: include/override_homedir.xml:55
+#: sssd.conf.5.xml:691 sssd.conf.5.xml:1062 sssd.conf.5.xml:1081
+#: sssd-krb5.5.xml:533 include/override_homedir.xml:55
 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:630
+#: sssd.conf.5.xml:697
 msgid "Default: not set (no substitution for unset home directories)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:703
 msgid "override_shell (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:706
 msgid ""
 "Override the login shell for all users. This option supersedes any other "
 "shell options if it takes effect and can be set either in the [nss] section "
@@ -925,47 +999,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:645 +#: sssd.conf.5.xml:712 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:718 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 +#: sssd.conf.5.xml:721 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:724 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:661 +#: sssd.conf.5.xml:728 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:666 +#: sssd.conf.5.xml:733 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:671 +#: sssd.conf.5.xml:738 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:674 +#: sssd.conf.5.xml:741 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " 
@@ -973,103 +1047,110 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:681 +#: sssd.conf.5.xml:748 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:684 +#: sssd.conf.5.xml:751 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:688 +#: sssd.conf.5.xml:755 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:693 +#: sssd.conf.5.xml:760 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:696 +#: sssd.conf.5.xml:763 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:701 +#: sssd.conf.5.xml:768 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:704 +#: sssd.conf.5.xml:771 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:708 +#: sssd.conf.5.xml:775 msgid "Default: /bin/sh" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:713 +#: sssd.conf.5.xml:780 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:716 +#: sssd.conf.5.xml:783 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:722 +#: sssd.conf.5.xml:789 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:729 sssd.conf.5.xml:915 +#: sssd.conf.5.xml:796 sssd.conf.5.xml:988 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:732 sssd.conf.5.xml:918 +#: sssd.conf.5.xml:799 sssd.conf.5.xml:991 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:741 +#: sssd.conf.5.xml:808 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:744 +#: sssd.conf.5.xml:811 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " -"valid" +"valid." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:748 sssd-ldap.5.xml:706 +#: sssd.conf.5.xml:815 sssd.conf.5.xml:1299 sssd-ldap.5.xml:706 msgid "Default: 300" msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " +"client applications will not use the fast in-memory cache." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:753 sssd-ifp.5.xml:74 +#: sssd.conf.5.xml:826 sssd-ifp.5.xml:74 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:756 +#: sssd.conf.5.xml:829 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " 
@@ -1080,72 +1161,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:769 +#: sssd.conf.5.xml:842 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:774 +#: sssd.conf.5.xml:847 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:781 +#: sssd.conf.5.xml:854 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:783 +#: sssd.conf.5.xml:856 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:788 +#: sssd.conf.5.xml:861 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:791 +#: sssd.conf.5.xml:864 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:869 sssd.conf.5.xml:882 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:802 +#: sssd.conf.5.xml:875 msgid "offline_failed_login_attempts (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:805 +#: sssd.conf.5.xml:878 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:815 +#: sssd.conf.5.xml:888 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:818 +#: sssd.conf.5.xml:891 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:823 +#: sssd.conf.5.xml:896 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " 
@@ -1153,59 +1234,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:829 sssd.conf.5.xml:882 +#: sssd.conf.5.xml:902 sssd.conf.5.xml:955 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:835 +#: sssd.conf.5.xml:908 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:911 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:843 +#: sssd.conf.5.xml:916 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:846 +#: sssd.conf.5.xml:919 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:922 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:926 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:856 +#: sssd.conf.5.xml:929 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:860 sssd.8.xml:63 +#: sssd.conf.5.xml:933 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:938 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:868 +#: sssd.conf.5.xml:941 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1213,7 +1294,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:947 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1222,17 +1303,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:961 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:891 sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:964 sssd.conf.5.xml:1631 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:894 +#: sssd.conf.5.xml:967 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " 
@@ -1240,117 +1321,183 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:900 sssd.conf.5.xml:1495 +#: sssd.conf.5.xml:973 sssd.conf.5.xml:1634 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:905 +#: sssd.conf.5.xml:978 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" -#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:910 sssd.conf.5.xml:2224 sssd.8.xml:79 -msgid "Default: 0" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1000 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1003 msgid "" "Specifies the comma-separated list of UID values or user names that are " -"allowed to access the PAM responder. User names are resolved to UIDs at " +"allowed to run PAM conversations against trusted domains. Users not " +"included in this list can only access domains marked as public with " +"<quote>pam_public_domains</quote>. User names are resolved to UIDs at " "startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 -msgid "Default: all (All users are allowed to access the PAM responder)" +#: sssd.conf.5.xml:1013 +msgid "Default: All users are considered trusted by default" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:940 +#: sssd.conf.5.xml:1017 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:947 +#: sssd.conf.5.xml:1024 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:950 +#: sssd.conf.5.xml:1027 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:954 +#: sssd.conf.5.xml:1031 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:958 +#: sssd.conf.5.xml:1035 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1039 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1043 sssd.conf.5.xml:1068 sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1411 sssd.conf.5.xml:2342 sssd-ldap.5.xml:1793 +msgid "Default: none" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:971 +#: sssd.conf.5.xml:1048 msgid "pam_account_expired_message (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:974 +#: sssd.conf.5.xml:1051 +msgid "" +"Allows a custom expiration message to be set, replacing the default " +"'Permission denied' message." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1056 +msgid "" +"Note: Please be aware that message is only printed for the SSH service " +"unless pam_verbostiy is set to 3 (show all messages and debug information)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:1064 +#, no-wrap +msgid "" +"pam_account_expired_message = Account expired, please contact help desk.\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1073 +msgid "pam_account_locked_message (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1076 msgid "" -"If user is authenticating using SSH keys and account is expired then by " -"default 'Permission denied' is output. This output will be changed to " -"content of this variable if it is set." +"Allows a custom lockout message to be set, replacing the default 'Permission " +"denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:1083 #, no-wrap msgid "" -"pam_account_expired_message = Account expired, please call help desk.\n" +"pam_account_locked_message = Account locked, please contact help desk.\n" " " msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1092 +msgid "pam_cert_auth (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1095 +msgid "" +"Enable certificate based Smartcard authentication. Since this requires " +"additional communication with the Smartcard which will delay the " +"authentication process this option is disabled by default." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1101 sssd-ldap.5.xml:1021 sssd-ldap.5.xml:1048 +#: sssd-ldap.5.xml:1339 sssd-ldap.5.xml:1360 sssd-ldap.5.xml:1866 +#: include/ldap_id_mapping.xml:244 +msgid "Default: False" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1106 +msgid "pam_cert_db_path (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1109 +msgid "" +"The path to the certificate database which contain the PKCS#11 modules to " +"access the Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1113 +msgid "Default: /etc/pki/nssdb (NSS version)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1118 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:995 +#: sssd.conf.5.xml:1121 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1008 +#: sssd.conf.5.xml:1134 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1136 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -1361,34 +1508,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1153 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1030 +#: sssd.conf.5.xml:1156 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1169 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1045 +#: sssd.conf.5.xml:1171 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1175 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1052 +#: sssd.conf.5.xml:1178 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " 
@@ -1396,68 +1543,68 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1068 +#: sssd.conf.5.xml:1194 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1070 +#: sssd.conf.5.xml:1196 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1074 +#: sssd.conf.5.xml:1200 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1203 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1086 +#: sssd.conf.5.xml:1212 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1089 +#: sssd.conf.5.xml:1215 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1093 +#: sssd.conf.5.xml:1219 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1098 +#: sssd.conf.5.xml:1224 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1227 msgid "" "Path to a storage of trusted CA certificates. 
The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1106 +#: sssd.conf.5.xml:1232 msgid "Default: /etc/pki/nssdb" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1114 +#: sssd.conf.5.xml:1240 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1116 +#: sssd.conf.5.xml:1242 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -1469,7 +1616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1251 msgid "" "If the remote user does not exist in the cache, it is created. The uid is " "determined with the help of the SID, trusted domains will have UPGs and the " 
@@ -1480,24 +1627,24 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1133
+#: sssd.conf.5.xml:1259
 msgid ""
 "If there are SIDs of groups from domains sssd knows about, the user will be "
 "added to those groups."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1139
+#: sssd.conf.5.xml:1265
 msgid "These options can be used to configure the PAC responder."
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1143 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1269 sssd-ifp.5.xml:50
 msgid "allowed_uids (string)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1272
 msgid ""
 "Specifies the comma-separated list of UID values or user names that are "
 "allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1505,12 +1652,12 @@ msgid ""
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1278
 msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
 msgstr ""
 
 #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1156
+#: sssd.conf.5.xml:1282
 msgid ""
 "Please note that although the UID 0 is used as the default it will be "
 "overwritten with this option. If you still want to allow the root user to "
@@ -1518,25 +1665,37 @@ msgid "" "to the list of allowed UIDs as well." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1291 +msgid "pac_lifetime (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1294 +msgid "" +"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " +"data can be used to determine the group memberships of a user." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1170 +#: sssd.conf.5.xml:1309 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1316 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1319 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1185 +#: sssd.conf.5.xml:1324 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" 
@@ -1545,46 +1704,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1192 +#: sssd.conf.5.xml:1331 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 +#: sssd.conf.5.xml:1335 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1202 +#: sssd.conf.5.xml:1341 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1344 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1209 +#: sssd.conf.5.xml:1348 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1212 +#: sssd.conf.5.xml:1351 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1215 sssd.conf.5.xml:1447 sssd.conf.5.xml:1614 +#: sssd.conf.5.xml:1354 sssd.conf.5.xml:1586 sssd.conf.5.xml:1753 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1218 +#: sssd.conf.5.xml:1357 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " 
@@ -1596,14 +1755,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1231 +#: sssd.conf.5.xml:1370 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1236 +#: sssd.conf.5.xml:1375 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " 
@@ -1612,39 +1771,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1244 +#: sssd.conf.5.xml:1383 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1252 +#: sssd.conf.5.xml:1391 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1259 +#: sssd.conf.5.xml:1398 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1260 +#: sssd.conf.5.xml:1399 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1263 +#: sssd.conf.5.xml:1402 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 +#: sssd.conf.5.xml:1403 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1394 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " 
@@ -1653,19 +1812,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1295 +#: sssd.conf.5.xml:1434 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1298 +#: sssd.conf.5.xml:1437 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1302 +#: sssd.conf.5.xml:1441 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " 
@@ -1676,151 +1835,151 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1315 +#: sssd.conf.5.xml:1454 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1321 +#: sssd.conf.5.xml:1460 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1463 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1328 sssd.conf.5.xml:1341 sssd.conf.5.xml:1354 -#: sssd.conf.5.xml:1367 sssd.conf.5.xml:1380 sssd.conf.5.xml:1394 -#: sssd.conf.5.xml:1408 +#: sssd.conf.5.xml:1467 sssd.conf.5.xml:1480 sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1533 +#: sssd.conf.5.xml:1547 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1334 +#: sssd.conf.5.xml:1473 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1337 +#: sssd.conf.5.xml:1476 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1347 +#: sssd.conf.5.xml:1486 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1350 +#: sssd.conf.5.xml:1489 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1360 +#: sssd.conf.5.xml:1499 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1363 +#: sssd.conf.5.xml:1502 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1512 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1376 +#: sssd.conf.5.xml:1515 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1386 +#: sssd.conf.5.xml:1525 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1389 +#: sssd.conf.5.xml:1528 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1400 +#: sssd.conf.5.xml:1539 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1403 +#: sssd.conf.5.xml:1542 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1414 +#: sssd.conf.5.xml:1553 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1417 +#: sssd.conf.5.xml:1556 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1561 msgid "" "The background refresh will process users, groups and netgroups in the cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1426 +#: sssd.conf.5.xml:1565 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1430 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 +#: sssd.conf.5.xml:1569 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1436 +#: sssd.conf.5.xml:1575 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1578 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1443 +#: sssd.conf.5.xml:1582 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1592 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1456 +#: sssd.conf.5.xml:1595 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -1828,24 +1987,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1463 +#: sssd.conf.5.xml:1602 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1468 +#: sssd.conf.5.xml:1607 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1474 +#: sssd.conf.5.xml:1613 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1477 +#: sssd.conf.5.xml:1616 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " 
@@ -1854,17 +2013,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1484 +#: sssd.conf.5.xml:1623 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1628 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1500 +#: sssd.conf.5.xml:1639 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " 
@@ -1873,33 +2032,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1507 +#: sssd.conf.5.xml:1646 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1513 +#: sssd.conf.5.xml:1652 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1655 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1520 +#: sssd.conf.5.xml:1659 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1523 sssd.conf.5.xml:1660 +#: sssd.conf.5.xml:1662 sssd.conf.5.xml:1799 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1527 +#: sssd.conf.5.xml:1666 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -1907,8 +2066,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 sssd.conf.5.xml:1640 sssd.conf.5.xml:1695 -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1674 sssd.conf.5.xml:1779 sssd.conf.5.xml:1834 +#: sssd.conf.5.xml:1897 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " 
@@ -1917,8 +2076,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1544 sssd.conf.5.xml:1649 sssd.conf.5.xml:1704 -#: sssd.conf.5.xml:1757 +#: sssd.conf.5.xml:1683 sssd.conf.5.xml:1788 sssd.conf.5.xml:1843 +#: sssd.conf.5.xml:1906 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1926,19 +2085,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1694 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1558 +#: sssd.conf.5.xml:1697 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1563 +#: sssd.conf.5.xml:1702 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1947,7 +2106,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 +#: sssd.conf.5.xml:1710 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " 
@@ -1955,22 +2114,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1578 +#: sssd.conf.5.xml:1717 msgid "Default: FALSE (TRUE if default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1723 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1587 +#: sssd.conf.5.xml:1726 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1590 +#: sssd.conf.5.xml:1729 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -1982,7 +2141,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1608 +#: sssd.conf.5.xml:1747 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " 
@@ -1990,19 +2149,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1758 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1622 +#: sssd.conf.5.xml:1761 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1626 sssd.conf.5.xml:1688 +#: sssd.conf.5.xml:1765 sssd.conf.5.xml:1827 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2010,7 +2169,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1633 +#: sssd.conf.5.xml:1772 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" 
@@ -2018,30 +2177,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1657 +#: sssd.conf.5.xml:1796 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1803 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1667 +#: sssd.conf.5.xml:1806 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1673 +#: sssd.conf.5.xml:1812 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1815 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " 
@@ -2049,19 +2208,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1682 +#: sssd.conf.5.xml:1821 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1685 +#: sssd.conf.5.xml:1824 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1712 +#: sssd.conf.5.xml:1851 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" 
@@ -2070,24 +2229,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1858 +msgid "" +"<quote>krb5</quote>: .k5login based access control. See <citerefentry> " +"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" +"citerefentry> for more information on configuring Kerberos." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1865 +msgid "<quote>proxy</quote> for relaying access control to another PAM module." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1868 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1724 +#: sssd.conf.5.xml:1873 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1727 +#: sssd.conf.5.xml:1876 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1732 +#: sssd.conf.5.xml:1881 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -2095,7 +2267,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1740 +#: sssd.conf.5.xml:1889 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" 
@@ -2103,35 +2275,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1765 +#: sssd.conf.5.xml:1914 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1769 +#: sssd.conf.5.xml:1918 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1772 +#: sssd.conf.5.xml:1921 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1779 +#: sssd.conf.5.xml:1928 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1782 +#: sssd.conf.5.xml:1931 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1935 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" 
@@ -2139,32 +2311,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1794 +#: sssd.conf.5.xml:1943 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1947 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1951 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1805 sssd.conf.5.xml:1883 sssd.conf.5.xml:1915 -#: sssd.conf.5.xml:1940 +#: sssd.conf.5.xml:1954 sssd.conf.5.xml:2032 sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2098 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1809 +#: sssd.conf.5.xml:1958 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " 
@@ -2175,12 +2347,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1826 +#: sssd.conf.5.xml:1975 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1829 +#: sssd.conf.5.xml:1978 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -2188,7 +2360,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1835 +#: sssd.conf.5.xml:1984 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" 
@@ -2196,31 +2368,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1843 +#: sssd.conf.5.xml:1992 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1846 +#: sssd.conf.5.xml:1995 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1852 +#: sssd.conf.5.xml:2001 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1855 +#: sssd.conf.5.xml:2004 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1861 +#: sssd.conf.5.xml:2010 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2228,7 +2400,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:2019 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " 
@@ -2237,23 +2409,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1879 +#: sssd.conf.5.xml:2028 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1890 +#: sssd.conf.5.xml:2039 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1893 +#: sssd.conf.5.xml:2042 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1897 +#: sssd.conf.5.xml:2046 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2261,7 +2433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:2053 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" 
@@ -2269,24 +2441,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1912 +#: sssd.conf.5.xml:2061 +msgid "" +"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " +"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring the AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2070 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1922 +#: sssd.conf.5.xml:2080 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:2083 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1929 +#: sssd.conf.5.xml:2087 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2294,12 +2474,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:2095 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1950 +#: sssd.conf.5.xml:2108 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " 
@@ -2309,7 +2489,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1959 +#: sssd.conf.5.xml:2117 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" @@ -2318,29 +2498,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1964 +#: sssd.conf.5.xml:2122 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1967 +#: sssd.conf.5.xml:2125 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1970 +#: sssd.conf.5.xml:2128 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:2131 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1978 +#: sssd.conf.5.xml:2136 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -2348,7 +2528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1984 +#: sssd.conf.5.xml:2142 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " 
@@ -2356,66 +2536,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1991 +#: sssd.conf.5.xml:2149 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2038 +#: sssd.conf.5.xml:2196 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2044 +#: sssd.conf.5.xml:2202 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2047 +#: sssd.conf.5.xml:2205 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2209 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2054 +#: sssd.conf.5.xml:2212 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2057 +#: sssd.conf.5.xml:2215 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2060 +#: sssd.conf.5.xml:2218 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2063 +#: sssd.conf.5.xml:2221 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2066 +#: sssd.conf.5.xml:2224 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2072 +#: sssd.conf.5.xml:2230 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2233 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " 
@@ -2423,70 +2603,70 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2081 sssd-ldap.5.xml:1203 sssd-ldap.5.xml:1245 -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:248 +#: sssd.conf.5.xml:2239 sssd-ldap.5.xml:1221 sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1281 sssd-krb5.5.xml:248 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2087 +#: sssd.conf.5.xml:2245 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2090 +#: sssd.conf.5.xml:2248 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2094 +#: sssd.conf.5.xml:2252 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2100 +#: sssd.conf.5.xml:2258 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2103 +#: sssd.conf.5.xml:2261 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2109 +#: sssd.conf.5.xml:2267 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2117 +#: sssd.conf.5.xml:2275 msgid "True" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2120 +#: sssd.conf.5.xml:2278 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2126 +#: sssd.conf.5.xml:2284 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2128 +#: sssd.conf.5.xml:2286 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2132 +#: sssd.conf.5.xml:2290 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2293 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -2494,7 +2674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2112 +#: sssd.conf.5.xml:2270 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider. Possible option values are: " 
@@ -2502,41 +2682,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2147 +#: sssd.conf.5.xml:2305 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2153 -msgid "proxy_fast_alias (boolean)" +#: sssd.conf.5.xml:2311 +msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2314 msgid "" -"When a user or group is looked up by name in the proxy provider, a second " -"lookup by ID is performed to \"canonicalize\" the name in case the requested " -"name was an alias. Setting this option to true would cause the SSSD to " -"perform the ID lookup from cache for performance reasons." +"Specifies a list of configuration parameters that should be inherited by a " +"subdomain. Please note that only selected parameters can be inherited. " +"Currently the following options can be inherited:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2320 +msgid "ignore_group_members" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2323 +msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2170 +#: sssd.conf.5.xml:2326 sssd-ldap.5.xml:1054 +msgid "ldap_use_tokengroups" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2329 +msgid "ldap_user_principal" +msgstr "" + +#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2332 +msgid "" +"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " +"is not set explicitly)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:2338 +#, no-wrap +msgid "" +"subdomain_inherit = ldap_purge_cache_timeout\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2336 +msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2345 +msgid "Note: This option only works with the IPA and AD provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2352 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2181 +#: sssd.conf.5.xml:2363 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2182 +#: sssd.conf.5.xml:2364 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2173 +#: sssd.conf.5.xml:2355 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " 
@@ -2546,34 +2770,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2369 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2191 +#: sssd.conf.5.xml:2373 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2196 +#: sssd.conf.5.xml:2378 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2199 +#: sssd.conf.5.xml:2381 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2387 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2208 +#: sssd.conf.5.xml:2390 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " 
@@ -2581,12 +2805,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2396 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2218 +#: sssd.conf.5.xml:2400 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -2594,7 +2818,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1311 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" 
@@ -2602,49 +2826,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2236 +#: sssd.conf.5.xml:2418 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2421 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2424 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2250 +#: sssd.conf.5.xml:2432 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2253 +#: sssd.conf.5.xml:2435 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " "for example _nss_files_getpwent." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2445 +msgid "proxy_fast_alias (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2448 +msgid "" +"When a user or group is looked up by name in the proxy provider, a second " +"lookup by ID is performed to \"canonicalize\" the name in case the requested " +"name was an alias. Setting this option to true would cause the SSSD to " +"perform the ID lookup from cache for performance reasons." +msgstr "" + #. 
type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2232 +#: sssd.conf.5.xml:2414 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2265 +#: sssd.conf.5.xml:2465 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2267 +#: sssd.conf.5.xml:2467 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " 
@@ -2652,73 +2890,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2274 +#: sssd.conf.5.xml:2474 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2277 +#: sssd.conf.5.xml:2477 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2481 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2286 +#: sssd.conf.5.xml:2486 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2289 +#: sssd.conf.5.xml:2489 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2494 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2299 +#: sssd.conf.5.xml:2499 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2302 +#: sssd.conf.5.xml:2502 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2306 sssd.conf.5.xml:2318 +#: sssd.conf.5.xml:2506 sssd.conf.5.xml:2518 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2311 +#: sssd.conf.5.xml:2511 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2314 +#: sssd.conf.5.xml:2514 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2323 +#: sssd.conf.5.xml:2523 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2526 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -2726,17 +2964,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2334 +#: sssd.conf.5.xml:2534 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2539 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2342 +#: sssd.conf.5.xml:2542 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " 
@@ -2745,17 +2983,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2352 +#: sssd.conf.5.xml:2552 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2357 +#: sssd.conf.5.xml:2557 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2360 +#: sssd.conf.5.xml:2560 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -2763,17 +3001,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2367 +#: sssd.conf.5.xml:2567 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2372 +#: sssd.conf.5.xml:2572 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2375 +#: sssd.conf.5.xml:2575 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " 
@@ -2781,19 +3019,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2381 +#: sssd.conf.5.xml:2581 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2391 sssd-ldap.5.xml:2611 sssd-simple.5.xml:131 -#: sssd-ipa.5.xml:717 sssd-ad.5.xml:889 sssd-krb5.5.xml:564 +#: sssd.conf.5.xml:2591 sssd-ldap.5.xml:2629 sssd-simple.5.xml:131 +#: sssd-ipa.5.xml:717 sssd-ad.5.xml:965 sssd-krb5.5.xml:564 #: sss_rpcidmapd.5.xml:98 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2597 #, no-wrap msgid "" "[sssd]\n" @@ -2823,7 +3061,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2393 +#: sssd.conf.5.xml:2593 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -2869,7 +3107,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:88 +#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -2969,8 +3207,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:212 -#: sss_override.8.xml:99 sss_override.8.xml:167 +#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:220 +#: sss_override.8.xml:137 sss_override.8.xml:234 msgid "Examples:" msgstr "" 
@@ -3259,14 +3497,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1119 +#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:914 sssd-ldap.5.xml:1137 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1126 +#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:918 sssd-ldap.5.xml:1144 msgid "Default: modifyTimestamp" msgstr "" @@ -3661,8 +3899,8 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1077 -#: sssd-ldap.5.xml:1151 sssd-ldap.5.xml:2192 sssd-ipa.5.xml:590 +#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:850 sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:2210 sssd-ipa.5.xml:590 msgid "Default: cn" msgstr "" 
@@ -3866,19 +4104,36 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:945 -msgid "ldap_group_nesting_level (integer)" +msgid "ldap_group_external_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:948 msgid "" +"The LDAP attribute that references group members that are defined in an " +"external domain. At the moment, only IPA's external members are supported." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:961 +msgid "ldap_group_nesting_level (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:964 +msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " "follow. This option has no effect on the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:955 +#: sssd-ldap.5.xml:971 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " 
@@ -3888,26 +4143,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:964 +#: sssd-ldap.5.xml:980 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " -"at all. However, when connected to Active-Directory Server 2008 and later it " -"is furthermore required to disable usage of Token-Groups by setting " -"ldap_use_tokengroups to false." +"at all. However, when connected to Active-Directory Server 2008 and later " +"using <quote>id_provider=ad</quote> it is furthermore required to disable " +"usage of Token-Groups by setting ldap_use_tokengroups to false in order to " +"restrict group nesting." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:989 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:977 +#: sssd-ldap.5.xml:995 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:980 +#: sssd-ldap.5.xml:998 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " 
@@ -3915,14 +4171,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:1004 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1009 sssd-ldap.5.xml:1036 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " @@ -3930,7 +4186,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:997 sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1042 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" @@ -3938,19 +4194,13 @@ msgid "" "for more details." msgstr "" -#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1003 sssd-ldap.5.xml:1030 sssd-ldap.5.xml:1321 -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1848 include/ldap_id_mapping.xml:242 -msgid "Default: False" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1027 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1030 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " 
@@ -3958,168 +4208,168 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1039 +#: sssd-ldap.5.xml:1057 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1062 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1050 +#: sssd-ldap.5.xml:1068 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1071 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 +#: sssd-ldap.5.xml:1074 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1060 +#: sssd-ldap.5.xml:1078 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1066 +#: sssd-ldap.5.xml:1084 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1087 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1091 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1083 +#: sssd-ldap.5.xml:1101 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1086 +#: sssd-ldap.5.xml:1104 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1108 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1094 +#: sssd-ldap.5.xml:1112 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1100 +#: sssd-ldap.5.xml:1118 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1103 +#: sssd-ldap.5.xml:1121 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1107 sssd-ldap.5.xml:1123 +#: sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1141 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 +#: sssd-ldap.5.xml:1128 msgid "Default: nisNetgroupTriple" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1134 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1132 +#: sssd-ldap.5.xml:1150 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1135 +#: sssd-ldap.5.xml:1153 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1138 +#: sssd-ldap.5.xml:1156 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1144 +#: sssd-ldap.5.xml:1162 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1147 +#: sssd-ldap.5.xml:1165 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1157 +#: sssd-ldap.5.xml:1175 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1160 +#: sssd-ldap.5.xml:1178 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1164 +#: sssd-ldap.5.xml:1182 msgid "Default: ipServicePort" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1170 +#: sssd-ldap.5.xml:1188 msgid "ldap_service_proto (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1173 +#: sssd-ldap.5.xml:1191 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1177 +#: sssd-ldap.5.xml:1195 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1201 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1206 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1191 +#: sssd-ldap.5.xml:1209 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -4127,7 +4377,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1215 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " 
@@ -4135,12 +4385,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1227 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 +#: sssd-ldap.5.xml:1230 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -4148,12 +4398,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1243 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1228 +#: sssd-ldap.5.xml:1246 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -4164,12 +4414,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1251 +#: sssd-ldap.5.xml:1269 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1254 +#: sssd-ldap.5.xml:1272 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " 
@@ -4178,12 +4428,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1269 +#: sssd-ldap.5.xml:1287 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1272 +#: sssd-ldap.5.xml:1290 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " 
@@ -4192,34 +4442,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1280 sssd-ldap.5.xml:2349 +#: sssd-ldap.5.xml:1298 sssd-ldap.5.xml:2367 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1286 +#: sssd-ldap.5.xml:1304 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1289 +#: sssd-ldap.5.xml:1307 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1294 +#: sssd-ldap.5.xml:1312 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1300 +#: sssd-ldap.5.xml:1318 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1303 +#: sssd-ldap.5.xml:1321 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " 
@@ -4227,14 +4477,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1309 +#: sssd-ldap.5.xml:1327 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1315 +#: sssd-ldap.5.xml:1333 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -4242,17 +4492,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1327 +#: sssd-ldap.5.xml:1345 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1330 +#: sssd-ldap.5.xml:1348 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1333 +#: sssd-ldap.5.xml:1351 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " 
@@ -4262,12 +4512,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1366 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1369 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -4275,17 +4525,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1375 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1364 +#: sssd-ldap.5.xml:1382 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1367 +#: sssd-ldap.5.xml:1385 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -4293,13 +4543,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1373 +#: sssd-ldap.5.xml:1391 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1395 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " 
@@ -4308,7 +4558,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1385 +#: sssd-ldap.5.xml:1403 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -4316,26 +4566,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1416 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1401 +#: sssd-ldap.5.xml:1419 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 +#: sssd-ldap.5.xml:1425 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1429 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -4343,7 +4593,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1418 +#: sssd-ldap.5.xml:1436 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " 
@@ -4351,7 +4601,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1442 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " 
@@ -4359,41 +4609,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1448 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1434 +#: sssd-ldap.5.xml:1452 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1440 +#: sssd-ldap.5.xml:1458 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1443 +#: sssd-ldap.5.xml:1461 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1466 sssd-ldap.5.xml:1484 sssd-ldap.5.xml:1525 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1455 +#: sssd-ldap.5.xml:1473 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1458 +#: sssd-ldap.5.xml:1476 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " 
@@ -4402,32 +4652,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1491 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1494 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1486 +#: sssd-ldap.5.xml:1504 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1507 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1498 +#: sssd-ldap.5.xml:1516 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1519 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " 
@@ -4435,24 +4685,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1514 +#: sssd-ldap.5.xml:1532 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1517 +#: sssd-ldap.5.xml:1535 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1527 +#: sssd-ldap.5.xml:1545 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1530 +#: sssd-ldap.5.xml:1548 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -4460,17 +4710,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1536 +#: sssd-ldap.5.xml:1554 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1546 +#: sssd-ldap.5.xml:1564 msgid "ldap_min_id, ldap_max_id (interger)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1567 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " 
@@ -4481,29 +4731,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1561 +#: sssd-ldap.5.xml:1579 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1585 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1570 +#: sssd-ldap.5.xml:1588 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1580 +#: sssd-ldap.5.xml:1598 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1601 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " @@ -4512,17 +4762,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1591 +#: sssd-ldap.5.xml:1609 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1597 +#: sssd-ldap.5.xml:1615 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1600 +#: sssd-ldap.5.xml:1618 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " 
@@ -4530,49 +4780,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1606 +#: sssd-ldap.5.xml:1624 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1630 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1615 +#: sssd-ldap.5.xml:1633 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1620 +#: sssd-ldap.5.xml:1638 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1626 +#: sssd-ldap.5.xml:1644 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1647 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1650 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1638 +#: sssd-ldap.5.xml:1656 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1641 +#: sssd-ldap.5.xml:1659 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). 
This " "action is performed only if SASL is used and the mechanism selected is " @@ -4580,27 +4830,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1653 +#: sssd-ldap.5.xml:1671 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:1674 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1660 sssd-ad.5.xml:783 +#: sssd-ldap.5.xml:1678 sssd-ad.5.xml:859 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1666 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1684 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1669 +#: sssd-ldap.5.xml:1687 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -4612,7 +4862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1681 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1699 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " 
@@ -4620,7 +4870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1686 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1704 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " 
@@ -4628,39 +4878,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1695 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1713 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1698 +#: sssd-ldap.5.xml:1716 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1701 +#: sssd-ldap.5.xml:1719 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1707 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 +#: sssd-ldap.5.xml:1725 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1710 +#: sssd-ldap.5.xml:1728 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1722 sssd-krb5.5.xml:477 +#: sssd-ldap.5.xml:1740 sssd-krb5.5.xml:477 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1725 sssd-krb5.5.xml:480 +#: sssd-ldap.5.xml:1743 sssd-krb5.5.xml:480 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " 
@@ -4670,7 +4920,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1736 sssd-krb5.5.xml:491 +#: sssd-ldap.5.xml:1754 sssd-krb5.5.xml:491 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -4678,26 +4928,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1750 +#: sssd-ldap.5.xml:1768 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1753 +#: sssd-ldap.5.xml:1771 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1758 +#: sssd-ldap.5.xml:1776 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1763 +#: sssd-ldap.5.xml:1781 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -4705,7 +4955,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 +#: sssd-ldap.5.xml:1787 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " 
@@ -4713,31 +4963,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1778 +#: sssd-ldap.5.xml:1796 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1786 +#: sssd-ldap.5.xml:1804 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1789 +#: sssd-ldap.5.xml:1807 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1793 +#: sssd-ldap.5.xml:1811 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1798 +#: sssd-ldap.5.xml:1816 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " 
@@ -4746,56 +4996,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1815 +#: sssd-ldap.5.xml:1833 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1819 +#: sssd-ldap.5.xml:1837 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1825 +#: sssd-ldap.5.xml:1843 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1846 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1833 +#: sssd-ldap.5.xml:1851 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1839 +#: sssd-ldap.5.xml:1857 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1842 +#: sssd-ldap.5.xml:1860 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1854 +#: sssd-ldap.5.xml:1872 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1857 +#: sssd-ldap.5.xml:1875 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -4811,12 +5061,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1877 +#: sssd-ldap.5.xml:1895 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1880 +#: sssd-ldap.5.xml:1898 #, no-wrap msgid "" "access_provider = ldap\n" @@ -4825,14 +5075,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1884 +#: sssd-ldap.5.xml:1902 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1889 +#: sssd-ldap.5.xml:1907 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " 
@@ -4841,24 +5091,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1897 sssd-ldap.5.xml:1954 +#: sssd-ldap.5.xml:1915 sssd-ldap.5.xml:1972 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1921 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1906 +#: sssd-ldap.5.xml:1924 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1910 +#: sssd-ldap.5.xml:1928 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -4866,19 +5116,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1917 +#: sssd-ldap.5.xml:1935 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1920 +#: sssd-ldap.5.xml:1938 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1925 +#: sssd-ldap.5.xml:1943 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " 
@@ -4887,7 +5137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1932 +#: sssd-ldap.5.xml:1950 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -4895,7 +5145,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1938 +#: sssd-ldap.5.xml:1956 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -4904,7 +5154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1947 +#: sssd-ldap.5.xml:1965 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " 
@@ -4912,22 +5162,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1978 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1963 +#: sssd-ldap.5.xml:1981 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1967 +#: sssd-ldap.5.xml:1985 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1970 +#: sssd-ldap.5.xml:1988 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -4937,14 +5187,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1980 +#: sssd-ldap.5.xml:1998 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1987 +#: sssd-ldap.5.xml:2005 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " 
@@ -4957,12 +5207,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2004 +#: sssd-ldap.5.xml:2022 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2008 +#: sssd-ldap.5.xml:2026 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -4972,7 +5222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2018 +#: sssd-ldap.5.xml:2036 msgid "" "The difference between these options is the action taken if user password is " "expired: pwd_expire_policy_reject - user is denied to log in, " 
@@ -4982,49 +5232,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2026 +#: sssd-ldap.5.xml:2044 msgid "" "Note If user password is expired no explicit message is prompted by SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2030 +#: sssd-ldap.5.xml:2048 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2035 +#: sssd-ldap.5.xml:2053 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2040 +#: sssd-ldap.5.xml:2058 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2044 +#: sssd-ldap.5.xml:2062 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2047 +#: sssd-ldap.5.xml:2065 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2054 +#: sssd-ldap.5.xml:2072 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2057 +#: sssd-ldap.5.xml:2075 msgid "" "This option specifies the DN of password policy entry on LDAP server. 
Please " "note that absence of this option in sssd.conf in case of enabled account " 
@@ -5033,74 +5283,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2065 +#: sssd-ldap.5.xml:2083 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2068 +#: sssd-ldap.5.xml:2086 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2074 +#: sssd-ldap.5.xml:2092 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2077 +#: sssd-ldap.5.xml:2095 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2082 +#: sssd-ldap.5.xml:2100 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2086 +#: sssd-ldap.5.xml:2104 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2091 +#: sssd-ldap.5.xml:2109 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2096 +#: sssd-ldap.5.xml:2114 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2101 +#: sssd-ldap.5.xml:2119 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2109 +#: sssd-ldap.5.xml:2127 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2112 +#: sssd-ldap.5.xml:2130 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2116 +#: sssd-ldap.5.xml:2134 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -5111,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2127 +#: sssd-ldap.5.xml:2145 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " 
@@ -5119,24 +5369,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2139 sssd-ifp.5.xml:136 +#: sssd-ldap.5.xml:2157 sssd-ifp.5.xml:136 msgid "wildcart_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2142 +#: sssd-ldap.5.xml:2160 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2146 +#: sssd-ldap.5.xml:2164 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2150 +#: sssd-ldap.5.xml:2168 msgid "Default: 1000 (often the size of one page)" msgstr "" @@ -5151,12 +5401,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2160 +#: sssd-ldap.5.xml:2178 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2162 +#: sssd-ldap.5.xml:2180 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " 
@@ -5164,208 +5414,208 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2173 +#: sssd-ldap.5.xml:2191 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2176 +#: sssd-ldap.5.xml:2194 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2179 +#: sssd-ldap.5.xml:2197 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2185 +#: sssd-ldap.5.xml:2203 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2188 +#: sssd-ldap.5.xml:2206 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2198 +#: sssd-ldap.5.xml:2216 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2201 +#: sssd-ldap.5.xml:2219 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2205 +#: sssd-ldap.5.xml:2223 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2211 +#: sssd-ldap.5.xml:2229 msgid "ldap_sudorule_host (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2214 +#: sssd-ldap.5.xml:2232 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2219 +#: sssd-ldap.5.xml:2237 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2225 +#: sssd-ldap.5.xml:2243 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2228 +#: sssd-ldap.5.xml:2246 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2232 +#: sssd-ldap.5.xml:2250 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2238 +#: sssd-ldap.5.xml:2256 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2241 +#: sssd-ldap.5.xml:2259 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2245 +#: sssd-ldap.5.xml:2263 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2251 +#: sssd-ldap.5.xml:2269 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2254 +#: sssd-ldap.5.xml:2272 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2258 +#: sssd-ldap.5.xml:2276 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2264 +#: sssd-ldap.5.xml:2282 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2267 +#: sssd-ldap.5.xml:2285 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2271 +#: sssd-ldap.5.xml:2289 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2277 +#: sssd-ldap.5.xml:2295 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2280 +#: sssd-ldap.5.xml:2298 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2284 +#: sssd-ldap.5.xml:2302 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2290 +#: sssd-ldap.5.xml:2308 msgid "ldap_sudorule_notafter (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2293 +#: sssd-ldap.5.xml:2311 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2298 +#: sssd-ldap.5.xml:2316 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2304 +#: sssd-ldap.5.xml:2322 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2307 +#: sssd-ldap.5.xml:2325 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2311 +#: sssd-ldap.5.xml:2329 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2317 +#: sssd-ldap.5.xml:2335 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2320 +#: sssd-ldap.5.xml:2338 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2325 +#: sssd-ldap.5.xml:2343 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2330 +#: sssd-ldap.5.xml:2348 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2336 +#: sssd-ldap.5.xml:2354 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2339 +#: sssd-ldap.5.xml:2357 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " 
@@ -5373,101 +5623,101 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2345 +#: sssd-ldap.5.xml:2363 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2355 +#: sssd-ldap.5.xml:2373 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2358 +#: sssd-ldap.5.xml:2376 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2369 +#: sssd-ldap.5.xml:2387 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2372 +#: sssd-ldap.5.xml:2390 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2377 +#: sssd-ldap.5.xml:2395 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2382 sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2423 -#: sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2400 sssd-ldap.5.xml:2423 sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2459 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2387 sssd-ldap.5.xml:2410 +#: sssd-ldap.5.xml:2405 sssd-ldap.5.xml:2428 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2393 +#: sssd-ldap.5.xml:2411 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2396 +#: sssd-ldap.5.xml:2414 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2401 +#: sssd-ldap.5.xml:2419 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2416 +#: sssd-ldap.5.xml:2434 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2419 +#: sssd-ldap.5.xml:2437 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2434 +#: sssd-ldap.5.xml:2452 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2437 +#: sssd-ldap.5.xml:2455 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2453 +#: sssd-ldap.5.xml:2471 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " 
@@ -5476,108 +5726,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2463 +#: sssd-ldap.5.xml:2481 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2465 +#: sssd-ldap.5.xml:2483 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2471 +#: sssd-ldap.5.xml:2489 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2474 +#: sssd-ldap.5.xml:2492 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2477 +#: sssd-ldap.5.xml:2495 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2484 +#: sssd-ldap.5.xml:2502 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2487 +#: sssd-ldap.5.xml:2505 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2490 +#: sssd-ldap.5.xml:2508 msgid "Default: automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2497 +#: sssd-ldap.5.xml:2515 msgid "ldap_autofs_map_name (string)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2500 +#: sssd-ldap.5.xml:2518 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2503 +#: sssd-ldap.5.xml:2521 msgid "Default: ou (rfc2307), automountMapName (rfc2307bis, ipa, ad)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2511 +#: sssd-ldap.5.xml:2529 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2514 +#: sssd-ldap.5.xml:2532 msgid "" "The object class of an automount entry in LDAP. The entry usually " "corresponds to a mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2519 +#: sssd-ldap.5.xml:2537 msgid "Default: automount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2526 +#: sssd-ldap.5.xml:2544 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2529 sssd-ldap.5.xml:2544 +#: sssd-ldap.5.xml:2547 sssd-ldap.5.xml:2562 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2533 +#: sssd-ldap.5.xml:2551 msgid "Default: cn (rfc2307), automountKey (rfc2307bis, ipa, ad)" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2541 +#: sssd-ldap.5.xml:2559 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2548 +#: sssd-ldap.5.xml:2566 msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2469 +#: sssd-ldap.5.xml:2487 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " @@ -5586,32 +5836,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2558 +#: sssd-ldap.5.xml:2576 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2565 +#: sssd-ldap.5.xml:2583 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2570 +#: sssd-ldap.5.xml:2588 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2575 +#: sssd-ldap.5.xml:2593 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:2580 +#: sssd-ldap.5.xml:2598 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:2582 +#: sssd-ldap.5.xml:2600 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " "against Active Directory will not be restricted and return all groups " 
@@ -5620,22 +5870,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:2589 +#: sssd-ldap.5.xml:2607 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2591 +#: sssd-ldap.5.xml:2609 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2596 +#: sssd-ldap.5.xml:2614 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2560 +#: sssd-ldap.5.xml:2578 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -5644,7 +5894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2613 +#: sssd-ldap.5.xml:2631 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -5652,7 +5902,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:2619 +#: sssd-ldap.5.xml:2637 #, no-wrap msgid "" "[domain/LDAP]\n" 
@@ -5665,26 +5915,26 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:2618 sssd-ldap.5.xml:2636 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:725 sssd-ad.5.xml:897 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 +#: sssd-ldap.5.xml:2636 sssd-ldap.5.xml:2654 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:973 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98 #: sssd-krb5.5.xml:573 include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2630 +#: sssd-ldap.5.xml:2648 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2632 +#: sssd-ldap.5.xml:2650 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:2637 +#: sssd-ldap.5.xml:2655 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -5700,13 +5950,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2652 sssd_krb5_locator_plugin.8.xml:61 -#: sssd-simple.5.xml:148 sssd-ad.5.xml:912 sssd.8.xml:195 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:2670 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-simple.5.xml:148 sssd-ad.5.xml:988 sssd.8.xml:195 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2654 +#: sssd-ldap.5.xml:2672 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " 
@@ -5743,11 +5993,12 @@ msgid "" "replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </" "arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </" -"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg>" +"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg " +"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: pam_sss.8.xml:54 +#: pam_sss.8.xml:57 msgid "" "<command>pam_sss.so</command> is the PAM interface to the System Security " "Services daemon (SSSD). Errors and results are logged through " 
@@ -5755,34 +6006,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:64 +#: pam_sss.8.xml:67 msgid "<option>quiet</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:67 +#: pam_sss.8.xml:70 msgid "Suppress log messages for unknown users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:72 +#: pam_sss.8.xml:75 msgid "<option>forward_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:75 +#: pam_sss.8.xml:78 msgid "" "If <option>forward_pass</option> is set the entered password is put on the " "stack for other PAM modules to use." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:82 +#: pam_sss.8.xml:85 msgid "<option>use_first_pass</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:85 +#: pam_sss.8.xml:88 msgid "" "The argument use_first_pass forces the module to use a previous stacked " "modules password and will never prompt the user - if no password is " 
@@ -5790,31 +6041,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:93 +#: pam_sss.8.xml:96 msgid "<option>use_authtok</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:96 +#: pam_sss.8.xml:99 msgid "" "When password changing enforce the module to set the new password to the one " "provided by a previously stacked password module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:103 +#: pam_sss.8.xml:106 msgid "<option>retry=N</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:106 +#: pam_sss.8.xml:109 msgid "" "If specified the user is asked another N times for a password if " "authentication fails. Default is 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:108 +#: pam_sss.8.xml:111 msgid "" "Please note that this option might not work as expected if the application " "calling PAM handles the user dialog on its own. A typical example is " 
@@ -5822,36 +6073,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:117 +#: pam_sss.8.xml:120 msgid "<option>ignore_unknown_user</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:120 +#: pam_sss.8.xml:123 msgid "" "If this option is specified and the user does not exist, the PAM module will " "return PAM_IGNORE. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:127 +#: pam_sss.8.xml:130 msgid "<option>ignore_authinfo_unavail</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:131 +#: pam_sss.8.xml:134 msgid "" "Specifies that the PAM module should return PAM_IGNORE if it cannot contact " "the SSSD daemon. This causes the PAM framework to ignore this module." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: pam_sss.8.xml:138 +#: pam_sss.8.xml:141 msgid "<option>domains</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:142 +#: pam_sss.8.xml:145 msgid "" "Allows the administrator to restrict the domains a particular PAM service is " "allowed to authenticate against. The format is a comma-separated list of " @@ -5859,7 +6110,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: pam_sss.8.xml:148 +#: pam_sss.8.xml:151 msgid "" "NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> " "and <quote>pam_public_domains</quote> options. Please see the " 
@@ -5868,25 +6119,56 @@ msgid "" "responder options." msgstr "" +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: pam_sss.8.xml:165 +msgid "<option>allow_missing_name</option>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:169 +msgid "" +"The main purpose of this option is to let SSSD determine the user name based " +"on additional information, e.g. the certificate from a Smartcard." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> +#: pam_sss.8.xml:179 +#, no-wrap +msgid "" +" auth sufficient pam_sss.so allow_missing_name\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: pam_sss.8.xml:174 +msgid "" +"The current use case are login managers which can monitor a Smartcard reader " +"for card events. In case a Smartcard is inserted the login manager will call " +"a PAM stack which includes a line like <placeholder type=\"programlisting\" " +"id=\"0\"/> In this case SSSD will try to determine the user name based on " +"the content of the Smartcard, returns it to pam_sss which will finally put " +"it on the PAM stack." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: pam_sss.8.xml:164 +#: pam_sss.8.xml:191 msgid "MODULE TYPES PROVIDED" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: pam_sss.8.xml:165 +#: pam_sss.8.xml:192 msgid "" "All module types (<option>account</option>, <option>auth</option>, " "<option>password</option> and <option>session</option>) are provided." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: pam_sss.8.xml:171 +#: pam_sss.8.xml:198 msgid "FILES" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para> -#: pam_sss.8.xml:172 +#: pam_sss.8.xml:199 msgid "" "If a password reset by root fails, because the corresponding SSSD provider " "does not support password resets, an individual message can be displayed. " @@ -5894,7 +6176,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: pam_sss.8.xml:177 +#: pam_sss.8.xml:204 msgid "" "The message is read from the file <filename>pam_sss_pw_reset_message.LOC</" "filename> where LOC stands for a locale string returned by <citerefentry> " @@ -5906,7 +6188,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: pam_sss.8.xml:187 +#: pam_sss.8.xml:214 msgid "" "These files are searched in the directory <filename>/etc/sssd/customize/" "DOMAIN_NAME/</filename>. If no matching file is present a generic message is " @@ -6065,7 +6347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:89 +#: sssd-simple.5.xml:70 sssd-ipa.5.xml:71 sssd-ad.5.xml:90 msgid "" "Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </" @@ -6213,7 +6495,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:116 sssd-ad.5.xml:714 +#: sssd-ipa.5.xml:116 sssd-ad.5.xml:790 msgid "dyndns_update (boolean)" msgstr "" 
@@ -6221,14 +6503,14 @@ msgstr "" #: sssd-ipa.5.xml:119 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " -"built into FreeIPA v2 with the IP address of this client. The update is " -"secured using GSS-TSIG. The IP address of the IPA LDAP connection is used " -"for the updates, if it is not otherwise specified by using the " -"<quote>dyndns_iface</quote> option." +"built into FreeIPA with the IP address of this client. The update is secured " +"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the " +"updates, if it is not otherwise specified by using the <quote>dyndns_iface</" +"quote> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:128 sssd-ad.5.xml:728 +#: sssd-ipa.5.xml:128 sssd-ad.5.xml:804 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" @@ -6243,12 +6525,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:145 sssd-ad.5.xml:739 +#: sssd-ipa.5.xml:145 sssd-ad.5.xml:815 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:148 sssd-ad.5.xml:742 +#: sssd-ipa.5.xml:148 sssd-ad.5.xml:818 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " 
@@ -6269,12 +6551,12 @@ msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:165 sssd-ad.5.xml:753 +#: sssd-ipa.5.xml:165 sssd-ad.5.xml:829 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:168 sssd-ad.5.xml:756 +#: sssd-ipa.5.xml:168 sssd-ad.5.xml:832 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "or a list of interfaces whose IP addresses should be used for dynamic DNS " @@ -6298,7 +6580,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:185 sssd-ad.5.xml:767 +#: sssd-ipa.5.xml:185 sssd-ad.5.xml:843 msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" @@ -6308,7 +6590,7 @@ msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:194 sssd-ad.5.xml:152 +#: sssd-ipa.5.xml:194 sssd-ad.5.xml:160 msgid "Enables DNS sites - location based service discovery." msgstr "" @@ -6325,12 +6607,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:217 sssd-ad.5.xml:773 +#: sssd-ipa.5.xml:217 sssd-ad.5.xml:849 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:220 sssd-ad.5.xml:776 +#: sssd-ipa.5.xml:220 sssd-ad.5.xml:852 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " 
@@ -6338,12 +6620,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:233 sssd-ad.5.xml:789 +#: sssd-ipa.5.xml:233 sssd-ad.5.xml:865 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 sssd-ad.5.xml:792 +#: sssd-ipa.5.xml:236 sssd-ad.5.xml:868 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." 
@@ -6362,50 +6644,50 @@ msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:253 sssd-ad.5.xml:803 +#: sssd-ipa.5.xml:253 sssd-ad.5.xml:879 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:256 sssd-ad.5.xml:806 +#: sssd-ipa.5.xml:256 sssd-ad.5.xml:882 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:260 sssd-ad.5.xml:810 +#: sssd-ipa.5.xml:260 sssd-ad.5.xml:886 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 sssd-ad.5.xml:816 +#: sssd-ipa.5.xml:266 sssd-ad.5.xml:892 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 sssd-ad.5.xml:819 +#: sssd-ipa.5.xml:269 sssd-ad.5.xml:895 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 sssd-ad.5.xml:824 +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:900 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:279 sssd-ad.5.xml:829 +#: sssd-ipa.5.xml:279 sssd-ad.5.xml:905 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:284 sssd-ad.5.xml:834 +#: sssd-ipa.5.xml:284 sssd-ad.5.xml:910 msgid "Default: None (let nsupdate choose the server)" msgstr "" @@ -6515,7 +6797,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ad.5.xml:855 +#: sssd-ipa.5.xml:408 sssd-ad.5.xml:931 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." 
@@ -6589,26 +6871,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:480 sssd-ad.5.xml:862 +#: sssd-ipa.5.xml:480 sssd-ad.5.xml:938 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:483 sssd-ad.5.xml:865 +#: sssd-ipa.5.xml:483 sssd-ad.5.xml:941 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:487 sssd-ad.5.xml:869 +#: sssd-ipa.5.xml:487 sssd-ad.5.xml:945 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 sssd-ad.5.xml:873 +#: sssd-ipa.5.xml:491 sssd-ad.5.xml:949 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -6627,7 +6909,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:347 +#: sssd-ipa.5.xml:508 sssd-ipa.5.xml:524 sssd-ad.5.xml:355 msgid "Default: 5 (seconds)" msgstr "" 
@@ -6925,13 +7207,14 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ad.5.xml:45 msgid "" -"The AD provider is able to provide identity information and authentication " -"for entities from trusted domains as well. Currently only trusted domains in " -"the same forest are recognized." +"The AD provider can be used to get user information and authenticate users " +"from trusted domains. Currently only trusted domains in the same forest are " +"recognized. In addition servers from trusted domains are always auto-" +"discovered." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:50 +#: sssd-ad.5.xml:51 msgid "" "The AD provider accepts the same options used by the <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -6941,15 +7224,15 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:62 +#: sssd-ad.5.xml:63 msgid "" "However, it is neither necessary nor recommended to set these options. The " -"AD provider can also be used as an access, chpass and sudo provider. No " -"configuration of the access provider is required on the client side." +"AD provider can also be used as an access, chpass, sudo and autofs provider. " +"No configuration of the access provider is required on the client side." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:74 +#: sssd-ad.5.xml:75 #, no-wrap msgid "" "ldap_id_mapping = False\n" @@ -6957,7 +7240,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:68 +#: sssd-ad.5.xml:69 msgid "" "By default, the AD provider will map UID and GID values from the objectSID " "parameter in Active Directory. For details on this, see the <quote>ID " 
@@ -6970,7 +7253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:81 +#: sssd-ad.5.xml:82 msgid "" "Users, groups and other entities served by SSSD are always treated as case-" "insensitive in the AD provider for compatibility with Active Directory's " 
@@ -6978,53 +7261,65 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:96 +#: sssd-ad.5.xml:97 msgid "ad_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:99 +#: sssd-ad.5.xml:100 msgid "" "Specifies the name of the Active Directory domain. This is optional. If not " "provided, the configuration domain name is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:104 +#: sssd-ad.5.xml:105 msgid "" "For proper operation, this option should be specified as the lower-case " "version of the long version of the Active Directory domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:109 +#: sssd-ad.5.xml:110 msgid "" "The short domain name (also known as the NetBIOS or the flat name) is " "autodetected by the SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:116 +#: sssd-ad.5.xml:117 msgid "ad_server, ad_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:119 +#: sssd-ad.5.xml:120 msgid "" "The comma-separated list of hostnames of the AD servers to which SSSD should " "connect in order of preference. For more information on failover and server " -"redundancy, see the <quote>FAILOVER</quote> section. This is optional if " -"autodiscovery is enabled. For more information on service discovery, refer " -"to the <quote>SERVICE DISCOVERY</quote> section." +"redundancy, see the <quote>FAILOVER</quote> section." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:127 +msgid "" +"This is optional if autodiscovery is enabled. For more information on " +"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:132 +msgid "" +"Note: Trusted domains will always auto-discover servers even if the primary " +"server is explicitly defined in the ad_server option." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:140 msgid "ad_hostname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:135 +#: sssd-ad.5.xml:143 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " "fully qualified name used in the Active Directory domain to identify this " @@ -7032,19 +7327,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:141 +#: sssd-ad.5.xml:149 msgid "" "This field is used to determine the host principal in use in the keytab. It " "must match the hostname for which the keytab was issued." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:149 +#: sssd-ad.5.xml:157 msgid "ad_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:156 +#: sssd-ad.5.xml:164 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, the SSSD will first attempt to discover the " 
@@ -7055,12 +7350,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:172 +#: sssd-ad.5.xml:180 msgid "ad_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:175 +#: sssd-ad.5.xml:183 msgid "" "This option specifies LDAP access control filter that the user must match in " "order to be allowed access. Please note that the <quote>access_provider</" @@ -7069,7 +7364,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:183 +#: sssd-ad.5.xml:191 msgid "" "The option also supports specifying different filters per domain or forest. " "This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. " @@ -7078,7 +7373,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:191 +#: sssd-ad.5.xml:199 msgid "" "If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</" "quote> specifies the domain or subdomain the filter applies to. If the " @@ -7087,14 +7382,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:199 +#: sssd-ad.5.xml:207 msgid "" "Multiple filters can be separated with the <quote>?</quote> character, " "similarly to how search bases work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:204 +#: sssd-ad.5.xml:212 msgid "" "The most specific match is always used. For example, if the option specified " "filter for a domain the user is a member of and a global filter, the per-" 
@@ -7103,7 +7398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ad.5.xml:215 +#: sssd-ad.5.xml:223 #, no-wrap msgid "" "# apply filter on domain called dom1 only:\n" @@ -7118,29 +7413,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:225 sssd-ad.5.xml:239 +#: sssd-ad.5.xml:233 sssd-ad.5.xml:247 msgid "Default: Not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:231 +#: sssd-ad.5.xml:239 msgid "ad_site (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:234 +#: sssd-ad.5.xml:242 msgid "" "Specify AD site to which client should try to connect. If this option is " "not provided, the AD site will be auto-discovered." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:245 +#: sssd-ad.5.xml:253 msgid "ad_enable_gc (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:248 +#: sssd-ad.5.xml:256 msgid "" "By default, the SSSD connects to the Global Catalog first to retrieve users " "from trusted domains and uses the LDAP port to retrieve group memberships or " @@ -7149,7 +7444,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:256 +#: sssd-ad.5.xml:264 msgid "" "Please note that disabling Global Catalog support does not disable " "retrieving users from trusted domains. The SSSD would connect to the LDAP " 
@@ -7158,12 +7453,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:270 +#: sssd-ad.5.xml:278 msgid "ad_gpo_access_control (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:273 +#: sssd-ad.5.xml:281 msgid "" "This option specifies the operation mode for GPO-based access control " "functionality: whether it operates in disabled mode, enforcing mode, or " @@ -7173,14 +7468,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:282 +#: sssd-ad.5.xml:290 msgid "" "GPO-based access control functionality uses GPO policy settings to determine " "whether or not a particular user is allowed to logon to a particular host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:288 +#: sssd-ad.5.xml:296 msgid "" "NOTE: If the operation mode is set to enforcing, it is possible that users " "that were previously allowed logon access will now be denied logon access " 
@@ -7193,23 +7488,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:301 +#: sssd-ad.5.xml:309 msgid "There are three supported values for this option:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:305 +#: sssd-ad.5.xml:313 msgid "" "disabled: GPO-based access control rules are neither evaluated nor enforced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:311 +#: sssd-ad.5.xml:319 msgid "enforcing: GPO-based access control rules are evaluated and enforced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:317 +#: sssd-ad.5.xml:325 msgid "" "permissive: GPO-based access control rules are evaluated, but not enforced. " "Instead, a syslog message will be emitted indicating that the user would " 
@@ -7217,22 +7512,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:328 +#: sssd-ad.5.xml:336 msgid "Default: permissive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:331 +#: sssd-ad.5.xml:339 msgid "Default: enforcing" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:337 +#: sssd-ad.5.xml:345 msgid "ad_gpo_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:340 +#: sssd-ad.5.xml:348 msgid "" "The amount of time between lookups of GPO policy files against the AD " "server. This will reduce the latency and load on the AD server if there are " @@ -7240,12 +7535,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:353 +#: sssd-ad.5.xml:361 msgid "ad_gpo_map_interactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:356 +#: sssd-ad.5.xml:364 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the InteractiveLogonRight and " 
@@ -7253,14 +7548,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:362 +#: sssd-ad.5.xml:370 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on locally\" and \"Deny log on locally\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:376 +#: sssd-ad.5.xml:384 #, no-wrap msgid "" "ad_gpo_map_interactive = +my_pam_service, -login\n" @@ -7268,7 +7563,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:367 +#: sssd-ad.5.xml:375 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " 
@@ -7280,53 +7575,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:380 sssd-ad.5.xml:451 sssd-ad.5.xml:492 sssd-ad.5.xml:537 -#: sssd-ad.5.xml:603 +#: sssd-ad.5.xml:388 sssd-ad.5.xml:484 sssd-ad.5.xml:530 sssd-ad.5.xml:575 +#: sssd-ad.5.xml:641 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:384 +#: sssd-ad.5.xml:392 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:389 +#: sssd-ad.5.xml:397 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:394 +#: sssd-ad.5.xml:402 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:399 +#: sssd-ad.5.xml:407 msgid "gdm-fingerprint" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:404 +#: sssd-ad.5.xml:412 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:409 +#: sssd-ad.5.xml:417 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:414 +#: sssd-ad.5.xml:422 msgid "kdm" msgstr "" +#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:427 +msgid "lightdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:432 +msgid "lxdm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:437 +msgid "sddm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:442 +msgid "unity" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:447 +msgid "xdm" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:423 +#: sssd-ad.5.xml:456 msgid "ad_gpo_map_remote_interactive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:426 +#: sssd-ad.5.xml:459 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the RemoteInteractiveLogonRight and " @@ -7334,7 +7654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:432 +#: sssd-ad.5.xml:465 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on through Remote Desktop Services\" and \"Deny log on through Remote " 
@@ -7342,7 +7662,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:447 +#: sssd-ad.5.xml:480 #, no-wrap msgid "" "ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n" @@ -7350,7 +7670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:438 +#: sssd-ad.5.xml:471 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -7362,17 +7682,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:455 +#: sssd-ad.5.xml:488 msgid "sshd" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:493 +msgid "cockpit" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:464 +#: sssd-ad.5.xml:502 msgid "ad_gpo_map_network (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:467 +#: sssd-ad.5.xml:505 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the NetworkLogonRight and " @@ -7380,7 +7705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:473 +#: sssd-ad.5.xml:511 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Access " "this computer from the network\" and \"Deny access to this computer from the " 
@@ -7388,7 +7713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:488 +#: sssd-ad.5.xml:526 #, no-wrap msgid "" "ad_gpo_map_network = +my_pam_service, -ftp\n" @@ -7396,7 +7721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:479 +#: sssd-ad.5.xml:517 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -7408,22 +7733,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:496 +#: sssd-ad.5.xml:534 msgid "ftp" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:501 +#: sssd-ad.5.xml:539 msgid "samba" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:510 +#: sssd-ad.5.xml:548 msgid "ad_gpo_map_batch (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:513 +#: sssd-ad.5.xml:551 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight " 
@@ -7431,14 +7756,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:519 +#: sssd-ad.5.xml:557 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on as a batch job\" and \"Deny log on as a batch job\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:533 +#: sssd-ad.5.xml:571 #, no-wrap msgid "" "ad_gpo_map_batch = +my_pam_service, -crond\n" @@ -7446,7 +7771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:524 +#: sssd-ad.5.xml:562 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -7458,17 +7783,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:541 +#: sssd-ad.5.xml:579 msgid "crond" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:550 +#: sssd-ad.5.xml:588 msgid "ad_gpo_map_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:553 +#: sssd-ad.5.xml:591 msgid "" "A comma-separated list of PAM service names for which GPO-based access " "control is evaluated based on the ServiceLogonRight and " 
@@ -7476,14 +7801,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:559 +#: sssd-ad.5.xml:597 msgid "" "Note: Using the Group Policy Management Editor this value is called \"Allow " "log on as a service\" and \"Deny log on as a service\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:572 +#: sssd-ad.5.xml:610 #, no-wrap msgid "" "ad_gpo_map_service = +my_pam_service\n" @@ -7491,7 +7816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:564 sssd-ad.5.xml:634 +#: sssd-ad.5.xml:602 sssd-ad.5.xml:677 msgid "" "It is possible to add a PAM service name to the default set by using <quote>" "+service_name</quote>. Since the default set is empty, it is not possible " @@ -7502,19 +7827,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:582 +#: sssd-ad.5.xml:620 msgid "ad_gpo_map_permit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:585 +#: sssd-ad.5.xml:623 msgid "" "A comma-separated list of PAM service names for which GPO-based access is " "always granted, regardless of any GPO Logon Rights." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:599 +#: sssd-ad.5.xml:637 #, no-wrap msgid "" "ad_gpo_map_permit = +my_pam_service, -sudo\n" 
@@ -7522,7 +7847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:590 +#: sssd-ad.5.xml:628 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -7534,34 +7859,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:607 +#: sssd-ad.5.xml:645 +msgid "polkit-1" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> +#: sssd-ad.5.xml:650 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:612 +#: sssd-ad.5.xml:655 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:617 +#: sssd-ad.5.xml:660 msgid "systemd-user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:626 +#: sssd-ad.5.xml:669 msgid "ad_gpo_map_deny (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:629 +#: sssd-ad.5.xml:672 msgid "" "A comma-separated list of PAM service names for which GPO-based access is " "always denied, regardless of any GPO Logon Rights." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ad.5.xml:642 +#: sssd-ad.5.xml:685 #, no-wrap msgid "" "ad_gpo_map_deny = +my_pam_service\n" 
@@ -7569,12 +7899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:652 +#: sssd-ad.5.xml:695 msgid "ad_gpo_default_right (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:655 +#: sssd-ad.5.xml:698 msgid "" "This option defines how access control is evaluated for PAM service names " "that are not explicitly listed in one of the ad_gpo_map_* options. This " 
@@ -7587,52 +7917,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:668 +#: sssd-ad.5.xml:711 msgid "Supported values for this option include:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:672 +#: sssd-ad.5.xml:715 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:677 +#: sssd-ad.5.xml:720 msgid "remote_interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:682 +#: sssd-ad.5.xml:725 msgid "network" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:687 +#: sssd-ad.5.xml:730 msgid "batch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:692 +#: sssd-ad.5.xml:735 msgid "service" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:697 +#: sssd-ad.5.xml:740 msgid "permit" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ad.5.xml:702 +#: sssd-ad.5.xml:745 msgid "deny" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:708 +#: sssd-ad.5.xml:751 msgid "Default: deny" msgstr "" +#. 
type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:757 +msgid "ad_maximum_machine_account_password_age (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:760 +msgid "" +"SSSD will check once a day if the machine account password is older than the " +"given age in days and try to renew it. A value of 0 will disable the renewal " +"attempt." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:766 +msgid "Default: 30 days" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ad.5.xml:772 +msgid "ad_machine_account_password_renewal_opts (string)" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:717 +#: sssd-ad.5.xml:775 +msgid "" +"This option should only be used to test the machine account renewal task. " +"The option expect 2 integers seperated by a colon (':'). The first integer " +"defines the interval in seconds how often the task is run. The second " +"specifies the inital timeout in seconds before the task is run for the first " +"time after startup." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:784 +msgid "Default: 86400:750 (24h and 15m)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ad.5.xml:793 msgid "" "Optional. This option tells SSSD to automatically update the Active " "Directory DNS server with the IP address of this client. The update is " 
@@ -7643,36 +8011,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:747 +#: sssd-ad.5.xml:823 msgid "Default: 3600 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:763 +#: sssd-ad.5.xml:839 msgid "" "Default: Use the IP addresses of the interface which is used for AD LDAP " "connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:797 sss_rpcidmapd.5.xml:76 +#: sssd-ad.5.xml:873 sss_rpcidmapd.5.xml:76 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ad.5.xml:843 sssd-krb5.5.xml:505 +#: sssd-ad.5.xml:919 sssd-krb5.5.xml:505 msgid "krb5_use_enterprise_principal (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ad.5.xml:846 sssd-krb5.5.xml:508 +#: sssd-ad.5.xml:922 sssd-krb5.5.xml:508 msgid "" "Specifies if the user principal should be treated as enterprise principal. " "See section 5 of RFC 6806 for more details about enterprise principals." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:891 +#: sssd-ad.5.xml:967 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -7680,7 +8048,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:898 +#: sssd-ad.5.xml:974 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -7695,7 +8063,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:918 +#: sssd-ad.5.xml:994 #, no-wrap msgid "" "access_provider = ldap\n" 
@@ -7704,7 +8072,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:914 +#: sssd-ad.5.xml:990 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -7712,7 +8080,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:924 +#: sssd-ad.5.xml:1000 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -7721,6 +8089,14 @@ msgid "" "encryption details) manually." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ad.5.xml:1008 +msgid "" +"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " +"attribute mapping (nisMap, nisObject, ...) is used, because these attributes " +"are included in the default Active Directory schema." +msgstr "" + #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 msgid "sssd-sudo" @@ -8179,7 +8555,7 @@ msgid "The password to obfuscate will be read from standard input." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:80 +#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70 #: sss_ssh_knownhostsproxy.1.xml:78 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</" 
@@ -8246,17 +8622,22 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_override.8.xml:37 msgid "" -"Overrides data are stored in SSSD cache. If the cache is deleted all local " -"overrides are lost." +"Overrides data are stored in the SSSD cache. If the cache is deleted, all " +"local overrides are lost. Please note that after the first override is " +"created using any of the following <emphasis>user-add</emphasis>, " +"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or " +"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to " +"take effect. <emphasis>sss_override</emphasis> prints message when a " +"restart is required." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_override.8.xml:43 +#: sss_override.8.xml:50 msgid "AVAILABLE COMMANDS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sss_override.8.xml:45 +#: sss_override.8.xml:52 msgid "" "Argument <emphasis>NAME</emphasis> is the name of original object in all " "commands. It is not possible to override <emphasis>uid</emphasis> or " 
@@ -8264,50 +8645,82 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:52 +#: sss_override.8.xml:59 msgid "" "<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" "name</option> NAME</optional> <optional><option>-u,--uid</option> UID</" "optional> <optional><option>-g,--gid</option> GID</optional> " "<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--" "shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</" -"optional>" +"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED " +"CERTIFICATE</optional>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:63 -msgid "Override attributes of an user." +#: sss_override.8.xml:72 +msgid "" +"Override attributes of an user. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) user." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:69 +#: sss_override.8.xml:80 msgid "<option>user-del</option> <emphasis>NAME</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:74 -msgid "Remove user overrides." +#: sss_override.8.xml:85 +msgid "" +"Remove user overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:80 +#: sss_override.8.xml:94 +#, fuzzy +#| msgid "<option>-h</option>,<option>--help</option>" +msgid "" +"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:99 +msgid "" +"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter " +"is set, only users from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:107 +msgid "<option>user-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:112 +msgid "Show user overrides." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:118 msgid "<option>user-import</option> <emphasis>FILE</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:85 +#: sss_override.8.xml:123 msgid "" "Import user overrides from <emphasis>FILE</emphasis>. Data format is " "similar to standard passwd file. The format is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:90 -msgid "original_name:name:uid:gid:gecos:home:shell" +#: sss_override.8.xml:128 +msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate" msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:93 +#: sss_override.8.xml:131 msgid "" "where original_name is original name of the user whose attributes should be " "overridden. The rest of fields correspond to new values. You can omit a " @@ -8315,29 +8728,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:102 +#: sss_override.8.xml:140 msgid "ckent:superman::::::" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:105 -msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash" +#: sss_override.8.xml:143 +msgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:111 +#: sss_override.8.xml:149 msgid "<option>user-export</option> <emphasis>FILE</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:116 +#: sss_override.8.xml:154 msgid "" "Export all overridden attributes and store them in <emphasis>FILE</" "emphasis>. See <emphasis>user-import</emphasis> for data format." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:124 +#: sss_override.8.xml:162 msgid "" "<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--" "name</option> NAME</optional> <optional><option>-g,--gid</option> GID</" 
@@ -8345,39 +8758,68 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:131 -msgid "Override attributes of a group." +#: sss_override.8.xml:169 +msgid "" +"Override attributes of a group. Please be aware that calling this command " +"will replace any previous override for the (NAMEd) group." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:137 +#: sss_override.8.xml:177 msgid "<option>group-del</option> <emphasis>NAME</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:142 -msgid "Remove group overrides." +#: sss_override.8.xml:182 +msgid "" +"Remove group overrides. However be aware that overridden attributes might be " +"returned from memory cache. Please see SSSD option " +"<emphasis>memcache_timeout</emphasis> for more details." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:191 +msgid "" +"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</" +"optional>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:196 +msgid "" +"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> " +"parameter is set, only groups from the domain are listed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_override.8.xml:204 +msgid "<option>group-show</option> <emphasis>NAME</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_override.8.xml:209 +msgid "Show group overrides." msgstr "" #. 
type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:148 +#: sss_override.8.xml:215 msgid "<option>group-import</option> <emphasis>FILE</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:153 +#: sss_override.8.xml:220 msgid "" "Import group overrides from <emphasis>FILE</emphasis>. Data format is " "similar to standard group file. The format is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:158 +#: sss_override.8.xml:225 msgid "original_name:name:gid" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:161 +#: sss_override.8.xml:228 msgid "" "where original_name is original name of the group whose attributes should be " "overridden. The rest of fields correspond to new values. You can omit a " 
@@ -8385,41 +8827,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:170 +#: sss_override.8.xml:237 msgid "admins:administrators:" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:173 +#: sss_override.8.xml:240 msgid "Domain Users:Users:501" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:179 +#: sss_override.8.xml:246 msgid "<option>group-export</option> <emphasis>FILE</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_override.8.xml:184 +#: sss_override.8.xml:251 msgid "" "Export all overridden attributes and store them in <emphasis>FILE</" "emphasis>. See <emphasis>group-import</emphasis> for data format." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_override.8.xml:194 +#: sss_override.8.xml:261 #, fuzzy #| msgid "OPTIONS" msgid "COMMON OPTIONS" msgstr "VOLBY" #. type: Content of: <reference><refentry><refsect1><para> -#: sss_override.8.xml:196 +#: sss_override.8.xml:263 msgid "Those options are available with all commands." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_override.8.xml:201 +#: sss_override.8.xml:268 msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>" msgstr "" 
@@ -9565,13 +10007,41 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: sss_cache.8.xml:185 +#, fuzzy +#| msgid "<option>-h</option>,<option>--help</option>" +msgid "" +"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</" +"replaceable>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:190 +msgid "Invalidate particular sudo rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:196 +#, fuzzy +#| msgid "<option>-h</option>,<option>--help</option>" +msgid "<option>-R</option>,<option>--sudo-rules</option>" +msgstr "<option>-h</option>,<option>--help</option>" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sss_cache.8.xml:200 +msgid "" +"Invalidate all cached sudo rules. This option overrides invalidation of " +"specific sudo rule if it was also set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sss_cache.8.xml:208 msgid "" "<option>-d</option>,<option>--domain</option> <replaceable>domain</" "replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_cache.8.xml:190 +#: sss_cache.8.xml:213 msgid "Restrict invalidation process only to a particular domain." msgstr "" 
@@ -10051,13 +10521,13 @@ msgid "" "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" "citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</" "command> for public key user authentication if it is compiled with support " -"for either <quote>AuthorizedKeysCommand</quote> or <quote>PubkeyAgent</" -"quote> <citerefentry> <refentrytitle>sshd_config</refentrytitle> " -"<manvolnum>5</manvolnum></citerefentry> options." +"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the " +"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> man page for more details about this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sss_ssh_authorizedkeys.1.xml:58 +#: sss_ssh_authorizedkeys.1.xml:59 #, no-wrap msgid "" " AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n" @@ -10065,7 +10535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sss_ssh_authorizedkeys.1.xml:51 +#: sss_ssh_authorizedkeys.1.xml:52 msgid "" "If <quote>AuthorizedKeysCommand</quote> is supported, " "<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" 
@@ -10075,36 +10545,19 @@ msgid "" "\" id=\"0\"/>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sss_ssh_authorizedkeys.1.xml:70 -#, no-wrap -msgid "PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u\n" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para> -#: sss_ssh_authorizedkeys.1.xml:63 -msgid "" -"If <quote>PubkeyAgent</quote> is supported, " -"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></" -"citerefentry> can be configured to use it by using the following directive " -"for <citerefentry> <refentrytitle>sshd</refentrytitle> <manvolnum>8</" -"manvolnum></citerefentry> configuration: <placeholder type=\"programlisting" -"\" id=\"0\"/>" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sss_ssh_authorizedkeys.1.xml:85 +#: sss_ssh_authorizedkeys.1.xml:75 msgid "" "Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_ssh_authorizedkeys.1.xml:94 sss_ssh_knownhostsproxy.1.xml:92 +#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92 msgid "EXIT STATUS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:94 +#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94 msgid "" "In case of success, an exit value of 0 is returned. Otherwise, 1 is returned." msgstr "" @@ -10491,7 +10944,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:189 +#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191 msgid "Default: 200000" msgstr "" 
@@ -10548,11 +11001,12 @@ msgstr "" msgid "" "For example, if your most recently-added Active Directory user has " "objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, " -"<quote>ldap_idmap_range_size</quote> must be at least 1107." +"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is " +"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:184 +#: include/ldap_id_mapping.xml:186 msgid "" "It is important to plan ahead for future expansion, as changing this value " "will result in changing all of the ID mappings on the system, leading to " @@ -10560,12 +11014,12 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> -#: include/ldap_id_mapping.xml:194 +#: include/ldap_id_mapping.xml:196 msgid "ldap_idmap_default_domain_sid (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:197 +#: include/ldap_id_mapping.xml:199 msgid "" "Specify the domain SID of the default domain. This will guarantee that this " "domain will always be assigned to slice zero in the ID map, bypassing the " 
@@ -10573,36 +11027,36 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> -#: include/ldap_id_mapping.xml:208 +#: include/ldap_id_mapping.xml:210 msgid "ldap_idmap_default_domain (string)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:211 +#: include/ldap_id_mapping.xml:213 msgid "Specify the name of the default domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> -#: include/ldap_id_mapping.xml:219 +#: include/ldap_id_mapping.xml:221 msgid "ldap_idmap_autorid_compat (boolean)" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:222 +#: include/ldap_id_mapping.xml:224 msgid "" "Changes the behavior of the ID-mapping algorithm to behave more similarly to " "winbind's <quote>idmap_autorid</quote> algorithm." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:227 +#: include/ldap_id_mapping.xml:229 msgid "" "When this option is configured, domains will be allocated starting with " "slice zero and increasing monatomically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: include/ldap_id_mapping.xml:232 +#: include/ldap_id_mapping.xml:234 msgid "" "NOTE: This algorithm is non-deterministic (it depends on the order that " "users and groups are requested). If this mode is required for compatibility " 
@@ -10611,13 +11065,34 @@ msgid "" "least one domain is consistently allocated to slice zero." msgstr "" +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term> +#: include/ldap_id_mapping.xml:249 +msgid "ldap_idmap_helper_table_size (integer)" +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:252 +msgid "" +"Maximal number of secondary slices that is tried when performing mapping " +"from UNIX id to SID." +msgstr "" + +#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> +#: include/ldap_id_mapping.xml:256 +msgid "" +"Note: Additional secondary slices might be generated when SID is being " +"mapped to UNIX id and RID part of SID is out of range for secondary slices " +"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 " +"then no additional secondary slices are generated." +msgstr "" + #. type: Content of: <refsect1><refsect2><title> -#: include/ldap_id_mapping.xml:251 +#: include/ldap_id_mapping.xml:273 msgid "Well-Known SIDs" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: include/ldap_id_mapping.xml:253 +#: include/ldap_id_mapping.xml:275 msgid "" "SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a " "special hardcoded meaning. Since the generic users and groups related to " 
@@ -10626,51 +11101,51 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: include/ldap_id_mapping.xml:259 +#: include/ldap_id_mapping.xml:281 msgid "" "The SID name space is organized in authorities which can be seen as " "different domains. The authorities for the Well-Known SIDs are" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:262 +#: include/ldap_id_mapping.xml:284 msgid "Null Authority" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:263 +#: include/ldap_id_mapping.xml:285 msgid "World Authority" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:264 +#: include/ldap_id_mapping.xml:286 msgid "Local Authority" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:265 +#: include/ldap_id_mapping.xml:287 msgid "Creator Authority" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:266 +#: include/ldap_id_mapping.xml:288 msgid "NT Authority" msgstr "" #. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para> -#: include/ldap_id_mapping.xml:267 +#: include/ldap_id_mapping.xml:289 msgid "Built-in" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: include/ldap_id_mapping.xml:269 +#: include/ldap_id_mapping.xml:291 msgid "" "The capitalized version of these names are used as domain names when " "returning the fully qualified name of a Well-Known SID." msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: include/ldap_id_mapping.xml:273 +#: include/ldap_id_mapping.xml:295 msgid "" "Since some utilities allow to modify SID based access control information " "with the help of a name instead of using the SID directly SSSD supports to " |