Diffstat (limited to 'src/man/po/eu.po')
-rw-r--r--src/man/po/eu.po2542
1 files changed, 1580 insertions, 962 deletions
diff --git a/src/man/po/eu.po b/src/man/po/eu.po
index 0882d6c03..9f1b1550f 100644
--- a/src/man/po/eu.po
+++ b/src/man/po/eu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.12.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2016-08-19 15:44+0200\n"
+"POT-Creation-Date: 2016-10-19 20:57+0200\n"
"PO-Revision-Date: 2014-12-14 11:55-0500\n"
"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
"Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-"X-Generator: Zanata 3.9.3\n"
+"X-Generator: Zanata 3.9.5\n"
#. type: Content of: <reference><title>
#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
@@ -29,6 +29,7 @@ msgstr ""
#: sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
+#: sssd-secrets.5.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -69,7 +70,7 @@ msgstr ""
#: sss_groupshow.8.xml:30 sss_usermod.8.xml:30 sss_cache.8.xml:29
#: sss_debuglevel.8.xml:30 sss_seed.8.xml:31 sssd-ifp.5.xml:21
#: sss_ssh_authorizedkeys.1.xml:30 sss_ssh_knownhostsproxy.1.xml:31
-#: idmap_sss.8.xml:20 sssctl.8.xml:30
+#: idmap_sss.8.xml:20 sssctl.8.xml:30 sssd-secrets.5.xml:21
msgid "DESCRIPTION"
msgstr ""
@@ -84,7 +85,7 @@ msgstr ""
#: sss_groupmod.8.xml:39 pam_sss.8.xml:63 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:38 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
+#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr ""
@@ -124,16 +125,16 @@ msgid "sssd.conf"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><manvolnum>
-#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
-#: sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11
-#: sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 sssd-ipa.5.xml:11
+#: sssd-ad.5.xml:11 sssd-sudo.5.xml:11 sssd-krb5.5.xml:11 sssd-ifp.5.xml:11
+#: sss_rpcidmapd.5.xml:27 sssd-secrets.5.xml:11
msgid "5"
msgstr ""
#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
-#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
-#: sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12
-#: sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 sssd-ipa.5.xml:12
+#: sssd-ad.5.xml:12 sssd-sudo.5.xml:12 sssd-krb5.5.xml:12 sssd-ifp.5.xml:12
+#: sss_rpcidmapd.5.xml:28 sssd-secrets.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
@@ -284,9 +285,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:711 sssd.conf.5.xml:1246
-#: sssd-ldap.5.xml:1678 sssd-ldap.5.xml:1775 sssd-ldap.5.xml:1837
-#: sssd-ldap.5.xml:2394 sssd-ldap.5.xml:2459 sssd-ldap.5.xml:2477
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:713 sssd.conf.5.xml:1248
+#: sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1854
+#: sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476 sssd-ldap.5.xml:2494
#: sssd-ipa.5.xml:405 sssd-ipa.5.xml:440 sssd-ad.5.xml:201 sssd-ad.5.xml:299
#: sssd-ad.5.xml:836 sssd-ad.5.xml:955 sssd-krb5.5.xml:499
msgid "Default: true"
@@ -305,16 +306,16 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:1200 sssd.conf.5.xml:2495
-#: sssd-ldap.5.xml:692 sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571
-#: sssd-ldap.5.xml:1747 sssd-ldap.5.xml:2164 sssd-ipa.5.xml:139
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:1202 sssd.conf.5.xml:2480
+#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588
+#: sssd-ldap.5.xml:1764 sssd-ldap.5.xml:2181 sssd-ipa.5.xml:139
#: sssd-ipa.5.xml:211 sssd-ipa.5.xml:542 sssd-krb5.5.xml:266
#: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2202
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
@@ -336,8 +337,8 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:167 sssd.conf.5.xml:1164 sssd-ldap.5.xml:1423
-#: include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:167 sssd.conf.5.xml:1166 sssd.conf.5.xml:2496
+#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
@@ -352,7 +353,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:189 sssd.conf.5.xml:2511
+#: sssd.conf.5.xml:189 sssd.conf.5.xml:2512
msgid "Section parameters"
msgstr ""
@@ -389,19 +390,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:217 sssd.conf.5.xml:507
+#: sssd.conf.5.xml:217 sssd.conf.5.xml:525
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:220 sssd.conf.5.xml:510
+#: sssd.conf.5.xml:220 sssd.conf.5.xml:528
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:225 sssd.conf.5.xml:515
+#: sssd.conf.5.xml:225 sssd.conf.5.xml:533
msgid "Default: 3"
msgstr ""
@@ -421,7 +422,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:245 sssd.conf.5.xml:2144
+#: sssd.conf.5.xml:245 sssd.conf.5.xml:2129
msgid "re_expression (string)"
msgstr ""
@@ -441,12 +442,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:262 sssd.conf.5.xml:2195
+#: sssd.conf.5.xml:262 sssd.conf.5.xml:2180
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:265 sssd.conf.5.xml:2198
+#: sssd.conf.5.xml:265 sssd.conf.5.xml:2183
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -454,39 +455,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2209
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2194
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:277 sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:277 sssd.conf.5.xml:2195
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:280 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:280 sssd.conf.5.xml:2198
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:283 sssd.conf.5.xml:2216
+#: sssd.conf.5.xml:283 sssd.conf.5.xml:2201
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:289 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:289 sssd.conf.5.xml:2207
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:292 sssd.conf.5.xml:2225
+#: sssd.conf.5.xml:292 sssd.conf.5.xml:2210
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273 sssd.conf.5.xml:2206
+#: sssd.conf.5.xml:273 sssd.conf.5.xml:2191
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -604,10 +605,11 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:391 sssd-ldap.5.xml:663 sssd-ldap.5.xml:1511
-#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1605 sssd-ad.5.xml:641
+#: sssd.conf.5.xml:391 sssd-ldap.5.xml:679 sssd-ldap.5.xml:1528
+#: sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622 sssd-ad.5.xml:641
#: sssd-ad.5.xml:716 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
+#: sssd-secrets.5.xml:260 include/ldap_id_mapping.xml:205
+#: include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
@@ -725,6 +727,30 @@ msgstr ""
msgid "Default: not set, i.e. do not restrict certificate verification"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:486
+msgid "disable_netlink (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:489
+msgid ""
+"SSSD hooks into the netlink interface to monitor changes to routes, "
+"addresses, links and trigger certain actions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:494
+msgid ""
+"The SSSD state changes caused by netlink events may be undesirable and can "
+"be disabled by setting this option to 'true'"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:499
+msgid "Default: false (netlink changes are detected)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:182
msgid ""
@@ -737,12 +763,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:492
+#: sssd.conf.5.xml:510
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:494
+#: sssd.conf.5.xml:512
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -751,22 +777,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:501
+#: sssd.conf.5.xml:519
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:503
+#: sssd.conf.5.xml:521
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:520
+#: sssd.conf.5.xml:538
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:541
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -776,17 +802,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:532
+#: sssd.conf.5.xml:550
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:537
+#: sssd.conf.5.xml:555
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:540
+#: sssd.conf.5.xml:558
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -794,34 +820,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:547 sssd.conf.5.xml:563 sssd.conf.5.xml:595
-#: sssd.conf.5.xml:842 sssd.conf.5.xml:1034 sssd.conf.5.xml:1467
-#: sssd-ldap.5.xml:1250
+#: sssd.conf.5.xml:565 sssd.conf.5.xml:597 sssd.conf.5.xml:844
+#: sssd.conf.5.xml:1036 sssd-ldap.5.xml:1267
msgid "Default: 60"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:552 sssd.conf.5.xml:1456
-msgid "force_timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:555 sssd.conf.5.xml:1459
-msgid ""
-"If a service is not responding to ping checks (see the <quote>timeout</"
-"quote> option), it is first sent the SIGTERM signal that instructs it to "
-"quit gracefully. If the service does not terminate after "
-"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
-"by sending a SIGKILL signal."
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:568
+#: sssd.conf.5.xml:570
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:571
+#: sssd.conf.5.xml:573
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -829,24 +839,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:578
+#: sssd.conf.5.xml:580
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:581
+#: sssd.conf.5.xml:583
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:586
+#: sssd.conf.5.xml:588
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:589
+#: sssd.conf.5.xml:591
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
@@ -854,40 +864,40 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:603
+#: sssd.conf.5.xml:605
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:607
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:610
+#: sssd.conf.5.xml:612
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:613
+#: sssd.conf.5.xml:615
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:617
+#: sssd.conf.5.xml:619
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:624
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:627
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -895,7 +905,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631
+#: sssd.conf.5.xml:633
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -905,7 +915,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:643
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -914,17 +924,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:651
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:656
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:659
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -932,34 +942,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:663 sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:665 sssd.conf.5.xml:1226
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:670
msgid "local_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:673
msgid ""
"Specifies for how many seconds nss_sss should keep local users and groups in "
"negative cache before trying to look it up in the back end again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:676 sssd.conf.5.xml:1022 sssd.conf.5.xml:2445 sssd.8.xml:79
+#: sssd.conf.5.xml:678 sssd.conf.5.xml:1024 sssd.conf.5.xml:2430 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:681
+#: sssd.conf.5.xml:683
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:684
+#: sssd.conf.5.xml:686
msgid ""
"Exclude certain users or groups from being fetched from the sss NSS "
"database. This is particularly useful for system accounts. This option can "
@@ -968,7 +978,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:691
+#: sssd.conf.5.xml:693
msgid ""
"NOTE: The filter_groups option doesn't affect inheritance of nested group "
"members, since filtering happens after they are propagated for returning via "
@@ -977,41 +987,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:699
+#: sssd.conf.5.xml:701
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:704
+#: sssd.conf.5.xml:706
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:709
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:720
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:721
+#: sssd.conf.5.xml:723
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:726
+#: sssd.conf.5.xml:728
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:732
+#: sssd.conf.5.xml:734
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1019,23 +1029,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:730 sssd.conf.5.xml:1101 sssd.conf.5.xml:1120
+#: sssd.conf.5.xml:732 sssd.conf.5.xml:1103 sssd.conf.5.xml:1122
#: sssd-krb5.5.xml:539 include/override_homedir.xml:55
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:736
+#: sssd.conf.5.xml:738
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:742
+#: sssd.conf.5.xml:744
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:747
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1043,47 +1053,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:753
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:757
+#: sssd.conf.5.xml:759
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:760
+#: sssd.conf.5.xml:762
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:763
+#: sssd.conf.5.xml:765
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:767
+#: sssd.conf.5.xml:769
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:772
+#: sssd.conf.5.xml:774
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:777
+#: sssd.conf.5.xml:779
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:782
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1091,110 +1101,110 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:789
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:790
+#: sssd.conf.5.xml:792
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:794
+#: sssd.conf.5.xml:796
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:799
+#: sssd.conf.5.xml:801
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:802
+#: sssd.conf.5.xml:804
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:807
+#: sssd.conf.5.xml:809
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:810
+#: sssd.conf.5.xml:812
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:814
+#: sssd.conf.5.xml:816
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:821
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:824
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:830
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:835 sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:837 sssd.conf.5.xml:1029
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838 sssd.conf.5.xml:1030
+#: sssd.conf.5.xml:840 sssd.conf.5.xml:1032
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:849
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:850
+#: sssd.conf.5.xml:852
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:854 sssd.conf.5.xml:1338 sssd-ldap.5.xml:706
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1340 sssd-ldap.5.xml:722
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:857
+#: sssd.conf.5.xml:859
msgid ""
"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
"client applications will not use the fast in-memory cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:865 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:867 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:868
+#: sssd.conf.5.xml:870
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1205,72 +1215,72 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:881
+#: sssd.conf.5.xml:883
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:886
+#: sssd.conf.5.xml:888
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:895
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:895
+#: sssd.conf.5.xml:897
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:900
+#: sssd.conf.5.xml:902
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:903
+#: sssd.conf.5.xml:905
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:908 sssd.conf.5.xml:921
+#: sssd.conf.5.xml:910 sssd.conf.5.xml:923
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:914
+#: sssd.conf.5.xml:916
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:917
+#: sssd.conf.5.xml:919
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:927
+#: sssd.conf.5.xml:929
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:932
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:935
+#: sssd.conf.5.xml:937
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1278,59 +1288,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:941 sssd.conf.5.xml:994
+#: sssd.conf.5.xml:943 sssd.conf.5.xml:996
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:947
+#: sssd.conf.5.xml:949
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:950
+#: sssd.conf.5.xml:952
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:955
+#: sssd.conf.5.xml:957
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:958
+#: sssd.conf.5.xml:960
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:961
+#: sssd.conf.5.xml:963
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:965
+#: sssd.conf.5.xml:967
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:968
+#: sssd.conf.5.xml:970
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:972 sssd.8.xml:63
+#: sssd.conf.5.xml:974 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:977
+#: sssd.conf.5.xml:979
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:982
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1338,7 +1348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:986
+#: sssd.conf.5.xml:988
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1347,17 +1357,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1002
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1003 sssd.conf.5.xml:1670
+#: sssd.conf.5.xml:1005 sssd.conf.5.xml:1655
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1006
+#: sssd.conf.5.xml:1008
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1365,26 +1375,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1673
+#: sssd.conf.5.xml:1014 sssd.conf.5.xml:1658
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1019
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1039
+#: sssd.conf.5.xml:1041
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1042
+#: sssd.conf.5.xml:1044
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to run PAM conversations against trusted domains. Users not "
@@ -1394,74 +1404,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1052
+#: sssd.conf.5.xml:1054
msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1056
+#: sssd.conf.5.xml:1058
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1065
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1068
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1070
+#: sssd.conf.5.xml:1072
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1076
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1080
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1082 sssd.conf.5.xml:1107 sssd.conf.5.xml:1126
-#: sssd.conf.5.xml:1450 sssd.conf.5.xml:2381 sssd-ldap.5.xml:1806
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1109 sssd.conf.5.xml:1128
+#: sssd.conf.5.xml:1452 sssd.conf.5.xml:2366 sssd-ldap.5.xml:1823
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1089
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1090
+#: sssd.conf.5.xml:1092
msgid ""
"Allows a custom expiration message to be set, replacing the default "
"'Permission denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1097
msgid ""
"Note: Please be aware that message is only printed for the SSH service "
"unless pam_verbostiy is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1105
#, no-wrap
msgid ""
"pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1469,19 +1479,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1112
+#: sssd.conf.5.xml:1114
msgid "pam_account_locked_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1117
msgid ""
"Allows a custom lockout message to be set, replacing the default 'Permission "
"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1122
+#: sssd.conf.5.xml:1124
#, no-wrap
msgid ""
"pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1489,12 +1499,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1131
+#: sssd.conf.5.xml:1133
msgid "pam_cert_auth (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1136
msgid ""
"Enable certificate based Smartcard authentication. Since this requires "
"additional communication with the Smartcard which will delay the "
@@ -1502,46 +1512,46 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1140 sssd-ldap.5.xml:1034 sssd-ldap.5.xml:1061
-#: sssd-ldap.5.xml:1352 sssd-ldap.5.xml:1373 sssd-ldap.5.xml:1879
+#: sssd.conf.5.xml:1142 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
#: include/ldap_id_mapping.xml:244
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1145
+#: sssd.conf.5.xml:1147
msgid "pam_cert_db_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1148
+#: sssd.conf.5.xml:1150
msgid ""
"The path to the certificate database which contain the PKCS#11 modules to "
"access the Smartcard."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1152
+#: sssd.conf.5.xml:1154
msgid "Default: /etc/pki/nssdb (NSS version)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1157
+#: sssd.conf.5.xml:1159
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1160
+#: sssd.conf.5.xml:1162
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1173
+#: sssd.conf.5.xml:1175
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1177
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1552,34 +1562,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1192
+#: sssd.conf.5.xml:1194
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1195
+#: sssd.conf.5.xml:1197
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1210
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1210
+#: sssd.conf.5.xml:1212
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1214
+#: sssd.conf.5.xml:1216
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1217
+#: sssd.conf.5.xml:1219
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1587,68 +1597,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1235
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1235
+#: sssd.conf.5.xml:1237
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1239
+#: sssd.conf.5.xml:1241
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1244
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1253
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1256
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1258
+#: sssd.conf.5.xml:1260
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1263
+#: sssd.conf.5.xml:1265
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1266
+#: sssd.conf.5.xml:1268
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1271
+#: sssd.conf.5.xml:1273
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1281
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1281
+#: sssd.conf.5.xml:1283
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1660,7 +1670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1290
+#: sssd.conf.5.xml:1292
msgid ""
"If the remote user does not exist in the cache, it is created. The uid is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1671,24 +1681,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1300
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1304
+#: sssd.conf.5.xml:1306
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1308 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1310 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1311
+#: sssd.conf.5.xml:1313
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1696,12 +1706,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1317
+#: sssd.conf.5.xml:1319
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1323
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1710,36 +1720,36 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1330
+#: sssd.conf.5.xml:1332
msgid "pac_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1335
msgid ""
"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
"data can be used to determine the group memberships of a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1348
+#: sssd.conf.5.xml:1350
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1355
+#: sssd.conf.5.xml:1357
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1358
+#: sssd.conf.5.xml:1360
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1363
+#: sssd.conf.5.xml:1365
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1748,46 +1758,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1370
+#: sssd.conf.5.xml:1372
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1374
+#: sssd.conf.5.xml:1376
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1380
+#: sssd.conf.5.xml:1382
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1383
+#: sssd.conf.5.xml:1385
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1387
+#: sssd.conf.5.xml:1389
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1392
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393 sssd.conf.5.xml:1625 sssd.conf.5.xml:1792
+#: sssd.conf.5.xml:1395 sssd.conf.5.xml:1610 sssd.conf.5.xml:1777
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1396
+#: sssd.conf.5.xml:1398
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1799,14 +1809,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1411
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1414
+#: sssd.conf.5.xml:1416
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1815,39 +1825,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1422
+#: sssd.conf.5.xml:1424
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1432
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1437
+#: sssd.conf.5.xml:1439
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1438
+#: sssd.conf.5.xml:1440
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1441
+#: sssd.conf.5.xml:1443
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1444
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1433
+#: sssd.conf.5.xml:1435
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -1856,19 +1866,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1473
+#: sssd.conf.5.xml:1458
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1476
+#: sssd.conf.5.xml:1461
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1465
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -1879,151 +1889,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1478
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1499
+#: sssd.conf.5.xml:1484
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1502
+#: sssd.conf.5.xml:1487
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1506 sssd.conf.5.xml:1519 sssd.conf.5.xml:1532
-#: sssd.conf.5.xml:1545 sssd.conf.5.xml:1558 sssd.conf.5.xml:1572
-#: sssd.conf.5.xml:1586
+#: sssd.conf.5.xml:1491 sssd.conf.5.xml:1504 sssd.conf.5.xml:1517
+#: sssd.conf.5.xml:1530 sssd.conf.5.xml:1543 sssd.conf.5.xml:1557
+#: sssd.conf.5.xml:1571
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1512
+#: sssd.conf.5.xml:1497
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1515
+#: sssd.conf.5.xml:1500
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1525
+#: sssd.conf.5.xml:1510
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1528
+#: sssd.conf.5.xml:1513
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1538
+#: sssd.conf.5.xml:1523
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1541
+#: sssd.conf.5.xml:1526
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1551
+#: sssd.conf.5.xml:1536
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1539
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1564
+#: sssd.conf.5.xml:1549
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1567
+#: sssd.conf.5.xml:1552
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1578
+#: sssd.conf.5.xml:1563
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1581
+#: sssd.conf.5.xml:1566
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1592
+#: sssd.conf.5.xml:1577
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1595
+#: sssd.conf.5.xml:1580
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1585
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1604
+#: sssd.conf.5.xml:1589
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1608 sssd-ldap.5.xml:730 sssd-ipa.5.xml:227
+#: sssd.conf.5.xml:1593 sssd-ldap.5.xml:746 sssd-ipa.5.xml:227
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1614
+#: sssd.conf.5.xml:1599
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1617
+#: sssd.conf.5.xml:1602
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1621
+#: sssd.conf.5.xml:1606
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1631
+#: sssd.conf.5.xml:1616
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1634
+#: sssd.conf.5.xml:1619
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2031,24 +2041,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1641
+#: sssd.conf.5.xml:1626
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1631
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1652
+#: sssd.conf.5.xml:1637
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1640
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2057,17 +2067,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1662
+#: sssd.conf.5.xml:1647
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1667
+#: sssd.conf.5.xml:1652
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1678
+#: sssd.conf.5.xml:1663
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2076,33 +2086,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1685
+#: sssd.conf.5.xml:1670
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1691
+#: sssd.conf.5.xml:1676
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1694
+#: sssd.conf.5.xml:1679
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1683
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1701 sssd.conf.5.xml:1838
+#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1823
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1705
+#: sssd.conf.5.xml:1690
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2110,8 +2120,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1713 sssd.conf.5.xml:1818 sssd.conf.5.xml:1873
-#: sssd.conf.5.xml:1936
+#: sssd.conf.5.xml:1698 sssd.conf.5.xml:1803 sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:1921
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2120,8 +2130,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1722 sssd.conf.5.xml:1827 sssd.conf.5.xml:1882
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:1707 sssd.conf.5.xml:1812 sssd.conf.5.xml:1867
+#: sssd.conf.5.xml:1930
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2129,19 +2139,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1733
+#: sssd.conf.5.xml:1718
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1736
+#: sssd.conf.5.xml:1721
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1741
+#: sssd.conf.5.xml:1726
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2150,7 +2160,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1749
+#: sssd.conf.5.xml:1734
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2158,22 +2168,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1756
+#: sssd.conf.5.xml:1741
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1762
+#: sssd.conf.5.xml:1747
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1765
+#: sssd.conf.5.xml:1750
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1768
+#: sssd.conf.5.xml:1753
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2185,7 +2195,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1786
+#: sssd.conf.5.xml:1771
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2193,19 +2203,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1797
+#: sssd.conf.5.xml:1782
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1785
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1789 sssd.conf.5.xml:1851
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2213,7 +2223,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1811
+#: sssd.conf.5.xml:1796
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2221,30 +2231,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1835
+#: sssd.conf.5.xml:1820
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1827
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1845
+#: sssd.conf.5.xml:1830
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1836
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1854
+#: sssd.conf.5.xml:1839
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2252,19 +2262,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1860
+#: sssd.conf.5.xml:1845
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:1848
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:1875
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2273,7 +2283,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897
+#: sssd.conf.5.xml:1882
msgid ""
"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2281,29 +2291,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1904
+#: sssd.conf.5.xml:1889
msgid "<quote>proxy</quote> for relaying access control to another PAM module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1907
+#: sssd.conf.5.xml:1892
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1897
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1915
+#: sssd.conf.5.xml:1900
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1920
+#: sssd.conf.5.xml:1905
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2311,7 +2321,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1928
+#: sssd.conf.5.xml:1913
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2319,35 +2329,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1953
+#: sssd.conf.5.xml:1938
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1957
+#: sssd.conf.5.xml:1942
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1960
+#: sssd.conf.5.xml:1945
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1967
+#: sssd.conf.5.xml:1952
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1970
+#: sssd.conf.5.xml:1955
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1974
+#: sssd.conf.5.xml:1959
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2355,32 +2365,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:1967
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1986
+#: sssd.conf.5.xml:1971
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1990
+#: sssd.conf.5.xml:1975
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1993 sssd.conf.5.xml:2071 sssd.conf.5.xml:2112
-#: sssd.conf.5.xml:2137
+#: sssd.conf.5.xml:1978 sssd.conf.5.xml:2056 sssd.conf.5.xml:2097
+#: sssd.conf.5.xml:2122
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1997
+#: sssd.conf.5.xml:1982
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2391,12 +2401,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2014
+#: sssd.conf.5.xml:1999
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2017
+#: sssd.conf.5.xml:2002
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2404,7 +2414,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2023
+#: sssd.conf.5.xml:2008
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2412,31 +2422,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2016
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2019
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2040
+#: sssd.conf.5.xml:2025
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2043
+#: sssd.conf.5.xml:2028
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2049
+#: sssd.conf.5.xml:2034
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2444,7 +2454,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2058
+#: sssd.conf.5.xml:2043
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2453,23 +2463,23 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2067
+#: sssd.conf.5.xml:2052
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2078
+#: sssd.conf.5.xml:2063
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2081
+#: sssd.conf.5.xml:2066
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2085
+#: sssd.conf.5.xml:2070
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2477,7 +2487,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2092
+#: sssd.conf.5.xml:2077
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2485,7 +2495,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2085
msgid ""
"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2493,24 +2503,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2109
+#: sssd.conf.5.xml:2094
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2119
+#: sssd.conf.5.xml:2104
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2122
+#: sssd.conf.5.xml:2107
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2126
+#: sssd.conf.5.xml:2111
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2518,12 +2528,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2134
+#: sssd.conf.5.xml:2119
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2147
+#: sssd.conf.5.xml:2132
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2533,7 +2543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2141
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2542,29 +2552,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2161
+#: sssd.conf.5.xml:2146
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2164
+#: sssd.conf.5.xml:2149
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2167
+#: sssd.conf.5.xml:2152
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2155
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2175
+#: sssd.conf.5.xml:2160
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2572,7 +2582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2181
+#: sssd.conf.5.xml:2166
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2580,66 +2590,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2188
+#: sssd.conf.5.xml:2173
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2235
+#: sssd.conf.5.xml:2220
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2241
+#: sssd.conf.5.xml:2226
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2244
+#: sssd.conf.5.xml:2229
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2248
+#: sssd.conf.5.xml:2233
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2251
+#: sssd.conf.5.xml:2236
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2239
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2257
+#: sssd.conf.5.xml:2242
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2260
+#: sssd.conf.5.xml:2245
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2248
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2269
+#: sssd.conf.5.xml:2254
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2272
+#: sssd.conf.5.xml:2257
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -2647,70 +2657,70 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2278 sssd-ldap.5.xml:1234 sssd-ldap.5.xml:1276
-#: sssd-ldap.5.xml:1294 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2263 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2284
+#: sssd.conf.5.xml:2269
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2287
+#: sssd.conf.5.xml:2272
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2291
+#: sssd.conf.5.xml:2276
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2297
+#: sssd.conf.5.xml:2282
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2300
+#: sssd.conf.5.xml:2285
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2306
+#: sssd.conf.5.xml:2291
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2314
+#: sssd.conf.5.xml:2299
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2317
+#: sssd.conf.5.xml:2302
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2323
+#: sssd.conf.5.xml:2308
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2325
+#: sssd.conf.5.xml:2310
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2329
+#: sssd.conf.5.xml:2314
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2332
+#: sssd.conf.5.xml:2317
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2718,7 +2728,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2309
+#: sssd.conf.5.xml:2294
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2726,17 +2736,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2344
+#: sssd.conf.5.xml:2329
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2350
+#: sssd.conf.5.xml:2335
msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2353
+#: sssd.conf.5.xml:2338
msgid ""
"Specifies a list of configuration parameters that should be inherited by a "
"subdomain. Please note that only selected parameters can be inherited. "
@@ -2744,67 +2754,67 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2359
+#: sssd.conf.5.xml:2344
msgid "ignore_group_members"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2362
+#: sssd.conf.5.xml:2347
msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2365 sssd-ldap.5.xml:1067
+#: sssd.conf.5.xml:2350 sssd-ldap.5.xml:1084
msgid "ldap_use_tokengroups"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2368
+#: sssd.conf.5.xml:2353
msgid "ldap_user_principal"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2356
msgid ""
"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
"is not set explicitly)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2362
#, no-wrap
msgid ""
"subdomain_inherit = ldap_purge_cache_timeout\n"
" "
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2375
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2360 sssd-secrets.5.xml:293
msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2369
msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:2376
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:2387
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2403
+#: sssd.conf.5.xml:2388
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:2379
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -2814,34 +2824,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2408
+#: sssd.conf.5.xml:2393
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:2397
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2417
+#: sssd.conf.5.xml:2402
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2420
+#: sssd.conf.5.xml:2405
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2426
+#: sssd.conf.5.xml:2411
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2429
+#: sssd.conf.5.xml:2414
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -2849,12 +2859,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2435
+#: sssd.conf.5.xml:2420
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2439
+#: sssd.conf.5.xml:2424
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -2862,7 +2872,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1352
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -2870,29 +2880,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2457
+#: sssd.conf.5.xml:2442
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2460
+#: sssd.conf.5.xml:2445
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2463
+#: sssd.conf.5.xml:2448
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2471
+#: sssd.conf.5.xml:2456
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474
+#: sssd.conf.5.xml:2459
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -2900,12 +2910,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2484
+#: sssd.conf.5.xml:2469
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2472
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -2913,20 +2923,33 @@ msgid ""
"perform the ID lookup from cache for performance reasons."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2486
+msgid "proxy_max_children (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2489
+msgid ""
+"This option specifies the number of pre-forked proxy children. It is useful "
+"for high-load SSSD environments where sssd may run out of available child "
+"slots, which would cause some issues due to the requests being queued."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2438
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2504
+#: sssd.conf.5.xml:2505
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2506
+#: sssd.conf.5.xml:2507
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -2934,73 +2957,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2514
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2516
+#: sssd.conf.5.xml:2517
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2520
+#: sssd.conf.5.xml:2521
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2526
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2529
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2533
+#: sssd.conf.5.xml:2534
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2538
+#: sssd.conf.5.xml:2539
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2541
+#: sssd.conf.5.xml:2542
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2545 sssd.conf.5.xml:2557
+#: sssd.conf.5.xml:2546 sssd.conf.5.xml:2558
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2550
+#: sssd.conf.5.xml:2551
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2553
+#: sssd.conf.5.xml:2554
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2562
+#: sssd.conf.5.xml:2563
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2565
+#: sssd.conf.5.xml:2566
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3008,17 +3031,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2574
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2578
+#: sssd.conf.5.xml:2579
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2581
+#: sssd.conf.5.xml:2582
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3027,17 +3050,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2591
+#: sssd.conf.5.xml:2592
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2596
+#: sssd.conf.5.xml:2597
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2600
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3045,17 +3068,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2606
+#: sssd.conf.5.xml:2607
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2611
+#: sssd.conf.5.xml:2612
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2614
+#: sssd.conf.5.xml:2615
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3063,19 +3086,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2620
+#: sssd.conf.5.xml:2621
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2630 sssd-ldap.5.xml:2645 sssd-simple.5.xml:131
+#: sssd.conf.5.xml:2631 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
#: sssd-ipa.5.xml:717 sssd-ad.5.xml:992 sssd-krb5.5.xml:570
#: sss_rpcidmapd.5.xml:98
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2636
+#: sssd.conf.5.xml:2637
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3105,7 +3128,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2632
+#: sssd.conf.5.xml:2633
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -3152,7 +3175,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:70 sssd-ad.5.xml:89
-#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44
+#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-secrets.5.xml:94
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -3171,8 +3194,8 @@ msgid ""
"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:185
msgid "The format of the URI must match the format defined in RFC 2732:"
msgstr ""
@@ -3251,7 +3274,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:646 sssd-ad.5.xml:247
+#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:247
#: sss_override.8.xml:137 sss_override.8.xml:234
msgid "Examples:"
msgstr ""
@@ -3423,142 +3446,160 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:270
-msgid "Default: uid"
+msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:276
+#: sssd-ldap.5.xml:277
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:280
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:283
+#: sssd-ldap.5.xml:284
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:289
+#: sssd-ldap.5.xml:290
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:293
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:296 sssd-ldap.5.xml:876
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:302
+#: sssd-ldap.5.xml:303
+msgid "ldap_user_primary_group (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:306
+msgid ""
+"Active Directory primary group attribute for ID-mapping. Note that this "
+"attribute should only be set manually if you are running the <quote>ldap</"
+"quote> provider with ID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:312
+msgid "Default: unset (LDAP), primaryGroupID (AD)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:318
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:321
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:309
+#: sssd-ldap.5.xml:325
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:315
+#: sssd-ldap.5.xml:331
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:334
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:322
+#: sssd-ldap.5.xml:338
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:328
+#: sssd-ldap.5.xml:344
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:347
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:335
+#: sssd-ldap.5.xml:351
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:341
+#: sssd-ldap.5.xml:357
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:360
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:348 sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
msgid ""
"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
"IPA"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:355
+#: sssd-ldap.5.xml:371
msgid "ldap_user_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:358
+#: sssd-ldap.5.xml:374
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP user object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:363 sssd-ldap.5.xml:917
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:370
+#: sssd-ldap.5.xml:386
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:373 sssd-ldap.5.xml:927 sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:377 sssd-ldap.5.xml:931 sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:383
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:386
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -3567,17 +3608,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:396
+#: sssd-ldap.5.xml:412
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:418
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:405
+#: sssd-ldap.5.xml:421
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -3586,17 +3627,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:414
+#: sssd-ldap.5.xml:430
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:420
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:423
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -3605,17 +3646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:432
+#: sssd-ldap.5.xml:448
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:438
+#: sssd-ldap.5.xml:454
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:441
+#: sssd-ldap.5.xml:457
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -3624,17 +3665,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:451
+#: sssd-ldap.5.xml:467
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:457
+#: sssd-ldap.5.xml:473
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:460
+#: sssd-ldap.5.xml:476
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -3643,17 +3684,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:470
+#: sssd-ldap.5.xml:486
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:476
+#: sssd-ldap.5.xml:492
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:479
+#: sssd-ldap.5.xml:495
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -3662,17 +3703,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:505
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:495
+#: sssd-ldap.5.xml:511
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:498
+#: sssd-ldap.5.xml:514
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -3680,155 +3721,155 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:504
+#: sssd-ldap.5.xml:520
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:510
+#: sssd-ldap.5.xml:526
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:513
+#: sssd-ldap.5.xml:529
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:519
+#: sssd-ldap.5.xml:535
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:525
+#: sssd-ldap.5.xml:541
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:544
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:533
+#: sssd-ldap.5.xml:549
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:539
+#: sssd-ldap.5.xml:555
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:542
+#: sssd-ldap.5.xml:558
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:547
+#: sssd-ldap.5.xml:563
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:553
+#: sssd-ldap.5.xml:569
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:556
+#: sssd-ldap.5.xml:572
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:561
+#: sssd-ldap.5.xml:577
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:567
+#: sssd-ldap.5.xml:583
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:570
+#: sssd-ldap.5.xml:586
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:574 sssd-ldap.5.xml:588
+#: sssd-ldap.5.xml:590 sssd-ldap.5.xml:604
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:580
+#: sssd-ldap.5.xml:596
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:583
+#: sssd-ldap.5.xml:599
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:594
+#: sssd-ldap.5.xml:610
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:597
+#: sssd-ldap.5.xml:613
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:602
+#: sssd-ldap.5.xml:618
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:624
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:627
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:615
+#: sssd-ldap.5.xml:631
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:621
+#: sssd-ldap.5.xml:637
msgid "ldap_user_extra_attrs (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:624
+#: sssd-ldap.5.xml:640
msgid ""
"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
"usual set of user attributes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:629
+#: sssd-ldap.5.xml:645
msgid ""
"The list can either contain LDAP attribute names only, or colon-separated "
"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
@@ -3838,7 +3879,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:639
+#: sssd-ldap.5.xml:655
msgid ""
"Please note that several attribute names are reserved by SSSD, notably the "
"<quote>name</quote> attribute. SSSD would report an error if any of the "
@@ -3846,51 +3887,51 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:649
+#: sssd-ldap.5.xml:665
msgid "ldap_user_extra_attrs = telephoneNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:652
+#: sssd-ldap.5.xml:668
msgid ""
"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
"<quote>telephoneNumber</quote> to the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:656
+#: sssd-ldap.5.xml:672
msgid "ldap_user_extra_attrs = phone:telephoneNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:659
+#: sssd-ldap.5.xml:675
msgid ""
"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
"quote> to the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:669
+#: sssd-ldap.5.xml:685
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:672
+#: sssd-ldap.5.xml:688
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:676
+#: sssd-ldap.5.xml:692
msgid "Default: sshPublicKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:698
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:685
+#: sssd-ldap.5.xml:701
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -3899,24 +3940,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:698
+#: sssd-ldap.5.xml:714
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:701
+#: sssd-ldap.5.xml:717
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:712
+#: sssd-ldap.5.xml:728
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:715
+#: sssd-ldap.5.xml:731
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3924,7 +3965,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:721
+#: sssd-ldap.5.xml:737
msgid ""
"Setting this option to zero will disable the cache cleanup operation. Please "
"note that if enumeration is enabled, the cleanup task is required in order "
@@ -3933,43 +3974,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:752
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:739
+#: sssd-ldap.5.xml:755
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:743 sssd-ldap.5.xml:863 sssd-ldap.5.xml:1108
-#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:2223 sssd-ipa.5.xml:590
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
+#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:590
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:765
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:752
+#: sssd-ldap.5.xml:768
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:756
+#: sssd-ldap.5.xml:772
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:778
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:765
+#: sssd-ldap.5.xml:781
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3977,14 +4018,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:788
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:777
+#: sssd-ldap.5.xml:793
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
@@ -3992,17 +4033,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:784
+#: sssd-ldap.5.xml:800
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:790
+#: sssd-ldap.5.xml:806
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:793
+#: sssd-ldap.5.xml:809
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -4010,14 +4051,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:799
+#: sssd-ldap.5.xml:815
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:820
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
@@ -4025,131 +4066,136 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:827
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:833
msgid "ldap_user_certificate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:836
msgid "Name of the LDAP attribute containing the X509 certificate of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:840
msgid "Default: no set in the general case, userCertificate;binary for IPA"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:831
+#: sssd-ldap.5.xml:847
msgid "ldap_user_email (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:850
msgid "Name of the LDAP attribute containing the email address of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:838
+#: sssd-ldap.5.xml:854
msgid "Default: mail"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:844
+#: sssd-ldap.5.xml:860
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:863
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:866
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:856
+#: sssd-ldap.5.xml:872
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:859
+#: sssd-ldap.5.xml:875
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:879
+msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:869
+#: sssd-ldap.5.xml:886
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:889
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:882
+#: sssd-ldap.5.xml:899
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:885
+#: sssd-ldap.5.xml:902
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:906
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:895
+#: sssd-ldap.5.xml:912
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:898
+#: sssd-ldap.5.xml:915
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:909
+#: sssd-ldap.5.xml:926
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:929
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:924
+#: sssd-ldap.5.xml:941
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:937
+#: sssd-ldap.5.xml:954
msgid "ldap_group_type (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:957
msgid ""
"The LDAP attribute that contains an integer value indicating the type of the "
"group and maybe other flags."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:962
msgid ""
"This attribute is currently only used by the AD provider to determine if a "
"group is a domain local groups and has to be filtered out for trusted "
@@ -4157,34 +4203,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:968
msgid "Default: groupType in the AD provider, othewise not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:958
+#: sssd-ldap.5.xml:975
msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:961
+#: sssd-ldap.5.xml:978
msgid ""
"The LDAP attribute that references group members that are defined in an "
"external domain. At the moment, only IPA's external members are supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:967
+#: sssd-ldap.5.xml:984
msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:974
+#: sssd-ldap.5.xml:991
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:977
+#: sssd-ldap.5.xml:994
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4192,7 +4238,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1001
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4202,7 +4248,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:993
+#: sssd-ldap.5.xml:1010
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
"at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4212,17 +4258,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1002
+#: sssd-ldap.5.xml:1019
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1008
+#: sssd-ldap.5.xml:1025
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1011
+#: sssd-ldap.5.xml:1028
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4230,14 +4276,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1017
+#: sssd-ldap.5.xml:1034
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1022 sssd-ldap.5.xml:1049
+#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4245,7 +4291,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028 sssd-ldap.5.xml:1055
+#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4254,12 +4300,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1040
+#: sssd-ldap.5.xml:1057
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1043
+#: sssd-ldap.5.xml:1060
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4267,168 +4313,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1070
+#: sssd-ldap.5.xml:1087
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1092
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1081
+#: sssd-ldap.5.xml:1098
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1084
+#: sssd-ldap.5.xml:1101
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1104
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1091
+#: sssd-ldap.5.xml:1108
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1097
+#: sssd-ldap.5.xml:1114
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1100
+#: sssd-ldap.5.xml:1117
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1121
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1131
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1134
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1138
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1125
+#: sssd-ldap.5.xml:1142
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1148
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1151
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138 sssd-ldap.5.xml:1154
+#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1141
+#: sssd-ldap.5.xml:1158
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1147
+#: sssd-ldap.5.xml:1164
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1180
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1166
+#: sssd-ldap.5.xml:1183
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1186
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1175
+#: sssd-ldap.5.xml:1192
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1178
+#: sssd-ldap.5.xml:1195
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1188
+#: sssd-ldap.5.xml:1205
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1208
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1212
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1201
+#: sssd-ldap.5.xml:1218
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1204
+#: sssd-ldap.5.xml:1221
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1225
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1214
+#: sssd-ldap.5.xml:1231
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1219
+#: sssd-ldap.5.xml:1236
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1222
+#: sssd-ldap.5.xml:1239
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4436,7 +4482,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1245
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4444,12 +4490,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1257
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1243
+#: sssd-ldap.5.xml:1260
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4457,12 +4503,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1273
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1259
+#: sssd-ldap.5.xml:1276
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4473,12 +4519,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1299
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1285
+#: sssd-ldap.5.xml:1302
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4487,12 +4533,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1300
+#: sssd-ldap.5.xml:1317
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1303
+#: sssd-ldap.5.xml:1320
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4501,34 +4547,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311 sssd-ldap.5.xml:2380
+#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1334
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1337
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1342
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1348
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1351
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4536,14 +4582,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1340
+#: sssd-ldap.5.xml:1357
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1346
+#: sssd-ldap.5.xml:1363
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4551,17 +4597,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1358
+#: sssd-ldap.5.xml:1375
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1361
+#: sssd-ldap.5.xml:1378
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364
+#: sssd-ldap.5.xml:1381
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4571,12 +4617,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1396
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1399
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -4584,17 +4630,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1388
+#: sssd-ldap.5.xml:1405
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1395
+#: sssd-ldap.5.xml:1412
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1398
+#: sssd-ldap.5.xml:1415
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -4602,13 +4648,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1404
+#: sssd-ldap.5.xml:1421
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1408
+#: sssd-ldap.5.xml:1425
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -4617,7 +4663,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -4625,26 +4671,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1429
+#: sssd-ldap.5.xml:1446
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1432
+#: sssd-ldap.5.xml:1449
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1438
+#: sssd-ldap.5.xml:1455
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1442
+#: sssd-ldap.5.xml:1459
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4652,7 +4698,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1466
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -4660,7 +4706,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1472
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -4668,41 +4714,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1478
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1482
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1471
+#: sssd-ldap.5.xml:1488
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1474
+#: sssd-ldap.5.xml:1491
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1479 sssd-ldap.5.xml:1497 sssd-ldap.5.xml:1538
+#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1486
+#: sssd-ldap.5.xml:1503
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1489
+#: sssd-ldap.5.xml:1506
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -4711,32 +4757,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1521
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1507
+#: sssd-ldap.5.xml:1524
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1517
+#: sssd-ldap.5.xml:1534
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1520
+#: sssd-ldap.5.xml:1537
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1529
+#: sssd-ldap.5.xml:1546
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1549
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -4744,24 +4790,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1545
+#: sssd-ldap.5.xml:1562
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1548
+#: sssd-ldap.5.xml:1565
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1558
+#: sssd-ldap.5.xml:1575
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1561
+#: sssd-ldap.5.xml:1578
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -4769,17 +4815,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1567
+#: sssd-ldap.5.xml:1584
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1577
+#: sssd-ldap.5.xml:1594
msgid "ldap_min_id, ldap_max_id (interger)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1580
+#: sssd-ldap.5.xml:1597
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -4790,29 +4836,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1592
+#: sssd-ldap.5.xml:1609
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1598
+#: sssd-ldap.5.xml:1615
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1618
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1611
+#: sssd-ldap.5.xml:1628
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1614
+#: sssd-ldap.5.xml:1631
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -4821,17 +4867,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1622
+#: sssd-ldap.5.xml:1639
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1645
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1648
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -4839,49 +4885,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1637
+#: sssd-ldap.5.xml:1654
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1643
+#: sssd-ldap.5.xml:1660
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1646
+#: sssd-ldap.5.xml:1663
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1651
+#: sssd-ldap.5.xml:1668
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1657
+#: sssd-ldap.5.xml:1674
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1677
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1680
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1686
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1689
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -4889,27 +4935,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1684
+#: sssd-ldap.5.xml:1701
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1687
+#: sssd-ldap.5.xml:1704
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1691 sssd-ad.5.xml:886
+#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:886
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1697 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1700
+#: sssd-ldap.5.xml:1717
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -4921,7 +4967,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -4929,7 +4975,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -4937,39 +4983,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1726 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:415 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1746
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1732
+#: sssd-ldap.5.xml:1749
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1738 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1755 sssd-ipa.5.xml:430 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1741
+#: sssd-ldap.5.xml:1758
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1753 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -4979,7 +5025,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1767 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -4987,26 +5033,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1781
+#: sssd-ldap.5.xml:1798
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784
+#: sssd-ldap.5.xml:1801
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1789
+#: sssd-ldap.5.xml:1806
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1794
+#: sssd-ldap.5.xml:1811
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5014,7 +5060,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1800
+#: sssd-ldap.5.xml:1817
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5022,31 +5068,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1809
+#: sssd-ldap.5.xml:1826
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1834
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1820
+#: sssd-ldap.5.xml:1837
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1824
+#: sssd-ldap.5.xml:1841
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1829
+#: sssd-ldap.5.xml:1846
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5055,56 +5101,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1843
+#: sssd-ldap.5.xml:1860
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1863
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1867
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1856
+#: sssd-ldap.5.xml:1873
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1859
+#: sssd-ldap.5.xml:1876
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1864
+#: sssd-ldap.5.xml:1881
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1870
+#: sssd-ldap.5.xml:1887
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1890
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1885
+#: sssd-ldap.5.xml:1902
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1905
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5120,12 +5166,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1908
+#: sssd-ldap.5.xml:1925
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1928
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5134,14 +5180,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1915
+#: sssd-ldap.5.xml:1932
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1920
+#: sssd-ldap.5.xml:1937
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5150,24 +5196,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1928 sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1934
+#: sssd-ldap.5.xml:1951
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1954
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1941
+#: sssd-ldap.5.xml:1958
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5175,19 +5221,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1948
+#: sssd-ldap.5.xml:1965
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1968
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1956
+#: sssd-ldap.5.xml:1973
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5196,7 +5242,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1963
+#: sssd-ldap.5.xml:1980
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5204,7 +5250,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1969
+#: sssd-ldap.5.xml:1986
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5213,7 +5259,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1978
+#: sssd-ldap.5.xml:1995
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5221,22 +5267,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1991
+#: sssd-ldap.5.xml:2008
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1994
+#: sssd-ldap.5.xml:2011
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2015
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2001
+#: sssd-ldap.5.xml:2018
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5246,14 +5292,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2028
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2035
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5266,12 +5312,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2052
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2039
+#: sssd-ldap.5.xml:2056
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5281,7 +5327,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2049
+#: sssd-ldap.5.xml:2066
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5291,49 +5337,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2057
+#: sssd-ldap.5.xml:2074
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2061
+#: sssd-ldap.5.xml:2078
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2083
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2071
+#: sssd-ldap.5.xml:2088
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2075
+#: sssd-ldap.5.xml:2092
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2095
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2085
+#: sssd-ldap.5.xml:2102
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2105
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5342,74 +5388,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2096
+#: sssd-ldap.5.xml:2113
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2099
+#: sssd-ldap.5.xml:2116
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2122
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2108
+#: sssd-ldap.5.xml:2125
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2130
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2117
+#: sssd-ldap.5.xml:2134
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2139
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2127
+#: sssd-ldap.5.xml:2144
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2132
+#: sssd-ldap.5.xml:2149
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2140
+#: sssd-ldap.5.xml:2157
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2143
+#: sssd-ldap.5.xml:2160
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2147
+#: sssd-ldap.5.xml:2164
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5420,7 +5466,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2158
+#: sssd-ldap.5.xml:2175
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5428,24 +5474,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2170 sssd-ifp.5.xml:136
+#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
msgid "wildcart_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2173
+#: sssd-ldap.5.xml:2190
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2177
+#: sssd-ldap.5.xml:2194
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2181
+#: sssd-ldap.5.xml:2198
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5460,12 +5506,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2191
+#: sssd-ldap.5.xml:2208
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2193
+#: sssd-ldap.5.xml:2210
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5473,208 +5519,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2204
+#: sssd-ldap.5.xml:2221
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2207
+#: sssd-ldap.5.xml:2224
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2227
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2216
+#: sssd-ldap.5.xml:2233
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2219
+#: sssd-ldap.5.xml:2236
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2229
+#: sssd-ldap.5.xml:2246
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2232
+#: sssd-ldap.5.xml:2249
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2253
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2242
+#: sssd-ldap.5.xml:2259
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2245
+#: sssd-ldap.5.xml:2262
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2250
+#: sssd-ldap.5.xml:2267
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2256
+#: sssd-ldap.5.xml:2273
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2276
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2263
+#: sssd-ldap.5.xml:2280
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2269
+#: sssd-ldap.5.xml:2286
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2272
+#: sssd-ldap.5.xml:2289
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2293
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2282
+#: sssd-ldap.5.xml:2299
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2285
+#: sssd-ldap.5.xml:2302
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2306
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2295
+#: sssd-ldap.5.xml:2312
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2298
+#: sssd-ldap.5.xml:2315
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2319
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2308
+#: sssd-ldap.5.xml:2325
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2311
+#: sssd-ldap.5.xml:2328
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2332
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2321
+#: sssd-ldap.5.xml:2338
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2324
+#: sssd-ldap.5.xml:2341
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2329
+#: sssd-ldap.5.xml:2346
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2335
+#: sssd-ldap.5.xml:2352
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2355
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2342
+#: sssd-ldap.5.xml:2359
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2348
+#: sssd-ldap.5.xml:2365
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2351
+#: sssd-ldap.5.xml:2368
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2356
+#: sssd-ldap.5.xml:2373
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2361
+#: sssd-ldap.5.xml:2378
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2367
+#: sssd-ldap.5.xml:2384
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2370
+#: sssd-ldap.5.xml:2387
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -5682,101 +5728,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2376
+#: sssd-ldap.5.xml:2393
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2386
+#: sssd-ldap.5.xml:2403
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2389
+#: sssd-ldap.5.xml:2406
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2400
+#: sssd-ldap.5.xml:2417
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2420
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2408
+#: sssd-ldap.5.xml:2425
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2413 sssd-ldap.5.xml:2436 sssd-ldap.5.xml:2454
-#: sssd-ldap.5.xml:2472
+#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
+#: sssd-ldap.5.xml:2489
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2418 sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2424
+#: sssd-ldap.5.xml:2441
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2427
+#: sssd-ldap.5.xml:2444
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2432
+#: sssd-ldap.5.xml:2449
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2447
+#: sssd-ldap.5.xml:2464
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2450
+#: sssd-ldap.5.xml:2467
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2465
+#: sssd-ldap.5.xml:2482
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2468
+#: sssd-ldap.5.xml:2485
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2484
+#: sssd-ldap.5.xml:2501
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -5785,111 +5831,111 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2494
+#: sssd-ldap.5.xml:2511
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2496
+#: sssd-ldap.5.xml:2513
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2502
+#: sssd-ldap.5.xml:2519
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2505
+#: sssd-ldap.5.xml:2522
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2508
+#: sssd-ldap.5.xml:2525
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2515
+#: sssd-ldap.5.xml:2532
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2518
+#: sssd-ldap.5.xml:2535
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2521
+#: sssd-ldap.5.xml:2538
msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2529
+#: sssd-ldap.5.xml:2546
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2549
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2552
msgid ""
"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2543
+#: sssd-ldap.5.xml:2560
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2563
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2551
+#: sssd-ldap.5.xml:2568
msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2559
+#: sssd-ldap.5.xml:2576
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2562 sssd-ldap.5.xml:2577
+#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2566
+#: sssd-ldap.5.xml:2583
msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2574
+#: sssd-ldap.5.xml:2591
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2581
+#: sssd-ldap.5.xml:2598
msgid ""
"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
"automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2500
+#: sssd-ldap.5.xml:2517
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -5898,32 +5944,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2592
+#: sssd-ldap.5.xml:2609
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2599
+#: sssd-ldap.5.xml:2616
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2604
+#: sssd-ldap.5.xml:2621
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2626
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2614
+#: sssd-ldap.5.xml:2631
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2633
msgid ""
"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
"against Active Directory will not be restricted and return all groups "
@@ -5932,22 +5978,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2623
+#: sssd-ldap.5.xml:2640
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2625
+#: sssd-ldap.5.xml:2642
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2630
+#: sssd-ldap.5.xml:2647
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2611
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -5956,7 +6002,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2664
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -5964,7 +6010,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2653
+#: sssd-ldap.5.xml:2670
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -5977,26 +6023,26 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2652 sssd-ldap.5.xml:2670 sssd-simple.5.xml:139
+#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1000 sssd-sudo.5.xml:56 sssd-sudo.5.xml:98
#: sssd-krb5.5.xml:579 include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2681
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2666
+#: sssd-ldap.5.xml:2683
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2671
+#: sssd-ldap.5.xml:2688
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6012,13 +6058,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2686 sssd_krb5_locator_plugin.8.xml:61
-#: sssd-simple.5.xml:148 sssd-ad.5.xml:1015 sssd.8.xml:206 sss_seed.8.xml:163
+#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ad.5.xml:1015 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2705
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -8304,18 +8350,20 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-sudo.5.xml:112
msgid ""
-"When the SSSD is configured to use IPA as the ID provider, the sudo provider "
-"is automatically enabled. The sudo search base is configured to use the "
-"compat tree (ou=sudoers,$DC)."
+"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
+"automatically enabled. The sudo search base is configured to use the IPA "
+"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
+"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
+"$SUFFIX) is no longer required for IPA sudo functionality."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-sudo.5.xml:119
+#: sssd-sudo.5.xml:122
msgid "The SUDO rule caching mechanism"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:121
+#: sssd-sudo.5.xml:124
msgid ""
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
@@ -8326,7 +8374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:129
+#: sssd-sudo.5.xml:132
msgid ""
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
@@ -8335,7 +8383,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:135
+#: sssd-sudo.5.xml:138
msgid ""
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
@@ -8346,7 +8394,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:143
+#: sssd-sudo.5.xml:146
msgid ""
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
@@ -8357,7 +8405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:152
+#: sssd-sudo.5.xml:155
msgid ""
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
@@ -8365,37 +8413,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:159
+#: sssd-sudo.5.xml:162
msgid "keyword ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:164
+#: sssd-sudo.5.xml:167
msgid "wildcard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:169
+#: sssd-sudo.5.xml:172
msgid "netgroup (in the form \"+netgroup\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:174
+#: sssd-sudo.5.xml:177
msgid "hostname or fully qualified domain name of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:179
+#: sssd-sudo.5.xml:182
msgid "one of the IP addresses of this machine"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
-#: sssd-sudo.5.xml:184
+#: sssd-sudo.5.xml:187
msgid "one of the IP addresses of the network (in the form \"address/mask\")"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-sudo.5.xml:190
+#: sssd-sudo.5.xml:193
msgid ""
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
@@ -8505,24 +8553,12 @@ msgid "Run in the foreground, don't become a daemon."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117
-msgid "<option>--disable-netlink</option>"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121
-msgid ""
-"sssd will ignore Netlink changes when making decisions about resetting "
-"online and offline operational status."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:128 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117 sss_debuglevel.8.xml:42
msgid "<option>-c</option>,<option>--config</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:132 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121 sss_debuglevel.8.xml:46
msgid ""
"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
"conf</filename>. For reference on the config file syntax and options, "
@@ -8531,39 +8567,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:146
+#: sssd.8.xml:135
msgid "<option>--version</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:150
+#: sssd.8.xml:139
msgid "Print version number and exit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:158
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:161
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:164
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:170
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:173
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -8571,12 +8607,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:181
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:184
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for the duration of the "
"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
@@ -8585,12 +8621,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:193
+#: sssd.8.xml:182
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:196
+#: sssd.8.xml:185
msgid ""
"Tells the SSSD to go online immediately. This is useful for testing. The "
"signal can be sent to either the sssd process or any sssd_be process "
@@ -8598,7 +8634,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:208
+#: sssd.8.xml:197
msgid ""
"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
"applications will not use the fast in memory cache."
@@ -9949,194 +9985,195 @@ msgstr ""
msgid ""
"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
"records are forced to be reloaded from server as soon as related SSSD "
-"backend is online."
+"backend is online. Options that invalidate a single object only accept a "
+"single provided argument."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:42
+#: sss_cache.8.xml:43
msgid "<option>-E</option>,<option>--everything</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:46
+#: sss_cache.8.xml:47
msgid "Invalidate all cached entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:52
+#: sss_cache.8.xml:53
msgid ""
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:57
+#: sss_cache.8.xml:58
msgid "Invalidate specific user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:63
+#: sss_cache.8.xml:64
msgid "<option>-U</option>,<option>--users</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:67
+#: sss_cache.8.xml:68
msgid ""
"Invalidate all user records. This option overrides invalidation of specific "
"user if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:74
+#: sss_cache.8.xml:75
msgid ""
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:79
+#: sss_cache.8.xml:80
msgid "Invalidate specific group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:85
+#: sss_cache.8.xml:86
msgid "<option>-G</option>,<option>--groups</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:89
+#: sss_cache.8.xml:90
msgid ""
"Invalidate all group records. This option overrides invalidation of specific "
"group if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:96
+#: sss_cache.8.xml:97
msgid ""
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:101
+#: sss_cache.8.xml:102
msgid "Invalidate specific netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:107
+#: sss_cache.8.xml:108
msgid "<option>-N</option>,<option>--netgroups</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:111
+#: sss_cache.8.xml:112
msgid ""
"Invalidate all netgroup records. This option overrides invalidation of "
"specific netgroup if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:118
+#: sss_cache.8.xml:119
msgid ""
"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:123
+#: sss_cache.8.xml:124
msgid "Invalidate specific service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:129
+#: sss_cache.8.xml:130
msgid "<option>-S</option>,<option>--services</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:133
+#: sss_cache.8.xml:134
msgid ""
"Invalidate all service records. This option overrides invalidation of "
"specific service if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:140
+#: sss_cache.8.xml:141
msgid ""
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:145
+#: sss_cache.8.xml:146
msgid "Invalidate specific autofs maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:151
+#: sss_cache.8.xml:152
msgid "<option>-A</option>,<option>--autofs-maps</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:155
+#: sss_cache.8.xml:156
msgid ""
"Invalidate all autofs maps. This option overrides invalidation of specific "
"map if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:162
+#: sss_cache.8.xml:163
msgid ""
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:167
+#: sss_cache.8.xml:168
msgid "Invalidate SSH public keys of a specific host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:173
+#: sss_cache.8.xml:174
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:177
+#: sss_cache.8.xml:178
msgid ""
"Invalidate SSH public keys of all hosts. This option overrides invalidation "
"of SSH public keys of specific host if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:185
+#: sss_cache.8.xml:186
msgid ""
"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:190
+#: sss_cache.8.xml:191
msgid "Invalidate particular sudo rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:196
+#: sss_cache.8.xml:197
msgid "<option>-R</option>,<option>--sudo-rules</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:200
+#: sss_cache.8.xml:201
msgid ""
"Invalidate all cached sudo rules. This option overrides invalidation of "
"specific sudo rule if it was also set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_cache.8.xml:208
+#: sss_cache.8.xml:209
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:213
+#: sss_cache.8.xml:214
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -10825,6 +10862,587 @@ msgid ""
"help</command>."
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-secrets.5.xml:10 sssd-secrets.5.xml:16
+msgid "sssd-secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-secrets.5.xml:17
+msgid "SSSD Secrets responder"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Secrets responder for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:36
+msgid ""
+"Many system and user applications need to store private information such as "
+"passwords or service keys and have no good way to properly deal with them. "
+"The simple approach is to embed these <quote>secrets</quote> into "
+"configuration files potentially ending up exposing sensitive key material to "
+"backups, config management system and in general making it harder to secure "
+"data."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:45
+msgid ""
+"The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
+"project was born to deal with this problem in cloud like environments, but "
+"we found the idea compelling even at a single system level. As a security "
+"service, SSSD is ideal to host this capability while offering the same API "
+"via a Unix Socket. This will make it possible to use local calls and have "
+"them transparently routed to a local or a remote key management store like "
+"IPA Vault for storage, escrow and recovery."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:55
+msgid ""
+"The secrets are simple key-value pairs. Each user's secrets are namespaced "
+"using their user ID, which means the secrets will never collide between "
+"users. Secrets can be stored inside <quote>containers</quote> which can be "
+"nested."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:63
+msgid "USING THE SECRETS RESPONDER"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:65
+msgid ""
+"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
+"run/secrets.socket</filename>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:84
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.service\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:69
+msgid ""
+"The secrets responder is socket-activated by <citerefentry> "
+"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
+"citerefentry>. Unlike other SSSD responders, it cannot be started by adding "
+"the <quote>secrets</quote> string to the <quote>service</quote> directive. "
+"The systemd socket unit is called <quote>sssd-secrets.socket</quote> and the "
+"corresponding service file is called <quote>sssd-secrets.service</quote>. In "
+"order for the service to be socket-activated, make sure the socket is "
+"enabled and active and the service is enabled: <placeholder type="
+"\"programlisting\" id=\"0\"/> Please note your distribution may already "
+"configure the units for you."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:96
+msgid ""
+"The generic SSSD responder options such as <quote>debug_level</quote> or "
+"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
+"to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> manual page for a complete list. In addition, "
+"there are some secrets-specific options as well."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:107
+msgid "provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:120
+msgid "local"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:123
+msgid ""
+"The secrets are stored in a local database, encrypted at rest with a master "
+"key. The local provider does not have any additional config options at the "
+"moment."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:131
+msgid "proxy"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:134
+msgid ""
+"The secrets responder forwards the requests to a Custodia server. The proxy "
+"provider supports several additional options (see below)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:110
+msgid ""
+"This option specifies where should the secrets be stored. The secrets "
+"responder can configure a per-user subsections that define which provider "
+"store the secrets for this particular user. The per-user subsections should "
+"contain all options for that user's provider. If a per-user section does not "
+"exist, the global settings from the secret responder's section are used. "
+"The following providers are supported: <placeholder type=\"variablelist\" id="
+"\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:143
+msgid "Default: local"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:148
+msgid "containers_nest_level (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:151
+msgid "This option specifies the maximum allowed number of nested containers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:155
+msgid "Default: 4"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:160
+msgid "max_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:163
+msgid "This option specifies the maximum number of secrets that can be stored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:167
+msgid "Default: 1024"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:173
+msgid ""
+"The following options are only applicable for configurations that use the "
+"<quote>proxy</quote> provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:178
+msgid "proxy_url (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:181
+msgid ""
+"The URL the Custodia server is listening on. At the moment, http and https "
+"protocols are supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:188
+msgid "http[s]://&lt;host&gt;[:port]"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:191
+msgid "Example: http://localhost:8080"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:196
+msgid "auth_type (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:199
+msgid ""
+"The method to use when authenticating to a Custodia server. The following "
+"authentication methods are supported:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:204
+msgid "basic_auth"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:207
+msgid ""
+"Authenticate with a username and a password as set in the <quote>username</"
+"quote> and <quote>password</quote> options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:214
+msgid "header"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:217
+msgid ""
+"Authenticate with HTTP header value as defined in the "
+"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
+"configuration options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
+msgid "auth_header_name (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:231
+msgid ""
+"If set, the secrets responder would put a header with this name into the "
+"HTTP request with the value defined in the <quote>auth_header_value</quote> "
+"configuration option."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:236
+msgid "Example: MYSECRETNAME"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:241
+msgid "auth_header_value (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:244
+msgid ""
+"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:248
+msgid "Example: mysecret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:253
+msgid "forward_headers (list of strings)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:256
+msgid ""
+"The list of HTTP headers to forward to the Custodia server together with the "
+"request."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:267
+msgid "USING THE REST API"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:269
+msgid ""
+"This section lists the available commands and includes examples using the "
+"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> utility. All requests towards the proxy provider must set "
+"the Content Type header to <quote>application/json</quote>. In addition, the "
+"local provider also supports Content Type set to <quote>application/octet-"
+"stream</quote>. Secrets stored with requests that set the Content Type "
+"header to <quote>application/octet-stream</quote> are base64-encoded when "
+"stored and decoded when retrieved, so it's not possible to store a secret "
+"with one Content Type and retrieve with another. The secret URI must begin "
+"with <filename>/secrets/</filename>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:286
+msgid "Listing secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:289
+msgid ""
+"To list the available secrets, send a HTTP GET request with a trailing slash "
+"appended to the container path."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:295
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XGET http://localhost/secrets/\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:303
+msgid "Retrieving a secret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:306
+msgid ""
+"To read a value of a single secret, send a HTTP GET request without a "
+"trailing slash. The last portion of the URI is the name of the secret."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:313
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XGET http://localhost/secrets/foo\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:318
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XGET http://localhost/secrets/bar\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:311
+msgid ""
+"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:326
+msgid "Setting a secret"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:329
+msgid ""
+"To set a secret using the <quote>application/json</quote> type, send a HTTP "
+"PUT request with a JSON payload that includes type and value. The type "
+"should be set to \"simple\" and the value should be set to the secret value. "
+"If a secret with that name already exists, the response is a 409 HTTP error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:337
+msgid ""
+"The <quote>application/json</quote> type just sends the secret as the "
+"message payload."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:346
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XPUT http://localhost/secrets/foo \\\n"
+" -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:352
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/octet-stream\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XPUT http://localhost/secrets/bar \\\n"
+" -d'barsecret'\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:341
+msgid ""
+"The following example sets a secret named 'foo' to a value of 'foosecret' "
+"and a secret named 'bar' to a value of 'barsecret' using a different Content "
+"Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
+"\"programlisting\" id=\"1\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:361
+msgid "Creating a container"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:364
+msgid ""
+"Containers provide an additional namespace for this user's secrets. To "
+"create a container, send a HTTP POST request, whose URI ends with the "
+"container name. Please note the URI must end with a trailing slash."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:374
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XPOST http://localhost/secrets/mycontainer/\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:371
+msgid ""
+"The following example creates a container named 'mycontainer': <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:383
+#, no-wrap
+msgid ""
+"http://localhost/secrets/mycontainer/mysecret\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:380
+msgid ""
+"To manipulate secrets under this container, just nest the secrets underneath "
+"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:389
+msgid "Deleting a secret or a container"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:392
+msgid ""
+"To delete a secret or a container, send a HTTP DELETE request with a path to "
+"the secret or the container."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
+#: sssd-secrets.5.xml:398
+#, no-wrap
+msgid ""
+"curl -H \"Content-Type: application/json\" \\\n"
+" --unix-socket /var/run/secrets.socket \\\n"
+" -XDELETE http://localhost/secrets/foo\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:396
+msgid ""
+"The following example deletes a secret named 'foo'. <placeholder type="
+"\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-secrets.5.xml:408
+msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:410
+msgid ""
+"For testing the proxy provider, you need to set up a Custodia server to "
+"proxy requests to. Please always consult the Custodia documentation, the "
+"configuration directives might change with different Custodia versions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:421
+#, no-wrap
+msgid ""
+"[global]\n"
+"server_version = \"Secret/0.0.7\"\n"
+"server_url = http://localhost:8080/\n"
+"auditlog = /var/log/custodia.log\n"
+"debug = True\n"
+"\n"
+"[store:simple]\n"
+"handler = custodia.store.sqlite.SqliteStore\n"
+"dburi = /var/lib/custodia.db\n"
+"table = secrets\n"
+"\n"
+"[auth:header]\n"
+"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
+"header = MYSECRETNAME\n"
+"value = mysecretkey\n"
+"\n"
+"[authz:paths]\n"
+"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
+"paths = /secrets\n"
+"\n"
+"[/]\n"
+"handler = custodia.root.Root\n"
+"store = simple\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:415
+msgid ""
+"This configuration will set up a Custodia server listening on http://"
+"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
+"mysecretkey to communicate with the Custodia server. Place the contents "
+"into a file (for example, <replaceable>custodia.conf</replaceable>): "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:447
+msgid ""
+"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
+"config file as a command line argument."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:451
+msgid ""
+"Please note that currently it's not possible to proxy all requests globally "
+"to a Custodia instance. Instead, per-user subsections for user IDs that "
+"should proxy requests to Custodia must be defined. The following example "
+"illustrates a configuration, where the user with UID 123 would proxy their "
+"requests to Custodia, but all other user's requests would be handled by a "
+"local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><programlisting>
+#: sssd-secrets.5.xml:459
+#, no-wrap
+msgid ""
+"[secrets]\n"
+"\n"
+"[secrets/users/123]\n"
+"provider = proxy\n"
+"proxy_url = http://localhost:8080/secrets/\n"
+"auth_type = header\n"
+"auth_header_name = MYSECRETNAME\n"
+"auth_header_value = mysecretkey\n"
+" "
+msgstr ""
+
#. type: Content of: <refsect1><title>
#: include/service_discovery.xml:2
msgid "SERVICE DISCOVERY"
@@ -11101,8 +11719,8 @@ msgstr ""
#: include/ldap_id_mapping.xml:111
msgid ""
"The default configuration results in configuring 10,000 slices, each capable "
-"of holding up to 200,000 IDs, starting from 10,001 and going up to "
-"2,000,100,000. This should be sufficient for most deployments."
+"of holding up to 200,000 IDs, starting from 200,000 and going up to "
+"2,000,200,000. This should be sufficient for most deployments."
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><title>
@@ -11362,7 +11980,7 @@ msgid "<option>-h</option>,<option>--help</option>"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:3
+#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3
msgid ""
"SSSD supports two representations for specifying the debug level. The "
"simplest is to specify a decimal value from 0-9, which represents enabling "
@@ -11392,12 +12010,12 @@ msgid ""
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:29
+#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10
msgid "Currently supported debug levels:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:32
+#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13
msgid ""
"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
"Anything that would prevent SSSD from starting up or causes it to cease "
@@ -11405,96 +12023,96 @@ msgid ""
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:38
+#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
msgid ""
"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
-"error that doesn't kill the SSSD, but one that indicates that at least one "
-"major feature is not going to work properly."
+"error that doesn't kill SSSD, but one that indicates that at least one major "
+"feature is not going to work properly."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:45
+#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
msgid ""
"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
"error announcing that a particular request or operation has failed."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:50
+#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31
msgid ""
"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
"are the errors that would percolate down to cause the operation failure of 2."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:55
+#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36
msgid ""
"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:59
+#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40
msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:63
+#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44
msgid ""
"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
"operation functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:67
+#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48
msgid ""
"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
"internal control functions."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:72
+#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53
msgid ""
"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
"internal variables that may be interesting."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:77
+#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58
msgid ""
"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
"tracing information."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:81
+#: include/debug_levels.xml:81 include/debug_levels_tools.xml:62
msgid ""
"To log required bitmask debug levels, simply add their numbers together as "
"shown in following examples:"
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:85
+#: include/debug_levels.xml:85 include/debug_levels_tools.xml:66
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:89
+#: include/debug_levels.xml:89 include/debug_levels_tools.xml:70
msgid ""
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:94
+#: include/debug_levels.xml:94 include/debug_levels_tools.xml:75
msgid ""
"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
"in 1.7.0."
msgstr ""
#. type: Content of: <listitem><para>
-#: include/debug_levels.xml:98
+#: include/debug_levels.xml:98 include/debug_levels_tools.xml:79
msgid "<emphasis>Default</emphasis>: 0"
msgstr ""