summaryrefslogtreecommitdiffstats
path: root/src/man/po/pt_BR.po
diff options
context:
space:
mode:
Diffstat (limited to 'src/man/po/pt_BR.po')
-rw-r--r--src/man/po/pt_BR.po3129
1 files changed, 2010 insertions, 1119 deletions
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index 483bd5637..c3aea7c32 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -2,9 +2,9 @@
# Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata
msgid ""
msgstr ""
-"Project-Id-Version: sssd-docs 1.12.90\n"
+"Project-Id-Version: sssd-docs 1.15.3\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2017-07-25 11:51+0200\n"
+"POT-Creation-Date: 2017-10-20 16:15+0200\n"
"PO-Revision-Date: 2017-01-29 10:11-0500\n"
"Last-Translator: Rodrigo de Araujo Sousa Fonseca "
"<rodrigodearaujo@fedoraproject.org>\n"
@@ -26,7 +26,8 @@ msgstr ""
#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
-#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5
+#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
+#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5
msgid "SSSD Manual pages"
msgstr ""
@@ -68,7 +69,8 @@ msgstr ""
#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
-#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21
+#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
+#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21
msgid "DESCRIPTION"
msgstr "DESCRIÇÃO"
@@ -83,8 +85,8 @@ msgstr ""
#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
-#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42
-#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62
+#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
+#: sss_ssh_knownhostsproxy.1.xml:62
msgid "OPTIONS"
msgstr "OPÇÕES"
@@ -126,7 +128,8 @@ msgstr "ssd.conf "
#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
-#: sssd-files.5.xml:11 sssd-secrets.5.xml:11
+#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
+#: sssd-systemtap.5.xml:11
msgid "5"
msgstr "5"
@@ -134,7 +137,8 @@ msgstr "5"
#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
-#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12
+#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
+#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12
msgid "File Formats and Conventions"
msgstr ""
@@ -285,11 +289,11 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813
-#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792
-#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476
-#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
-#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297
+#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
+#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819
+#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512
+#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862
+#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
msgid "Default: true"
msgstr ""
@@ -306,17 +310,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697
-#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708
-#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764
-#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231
-#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
+#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
+#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232
+#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
#: sssd-krb5.5.xml:471
msgid "Default: false"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255
+#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
+#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
@@ -339,8 +345,8 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707
-#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264
+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881
+#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264
msgid "Default: 10"
msgstr ""
@@ -355,7 +361,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796
+#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970
msgid "Section parameters"
msgstr ""
@@ -403,19 +409,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231 sssd.conf.5.xml:589
+#: sssd.conf.5.xml:231 sssd.conf.5.xml:613
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:234 sssd.conf.5.xml:592
+#: sssd.conf.5.xml:234 sssd.conf.5.xml:616
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:239 sssd.conf.5.xml:597
+#: sssd.conf.5.xml:239 sssd.conf.5.xml:621
msgid "Default: 3"
msgstr ""
@@ -435,7 +441,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508
msgid "re_expression (string)"
msgstr ""
@@ -455,12 +461,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391
+#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394
+#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
@@ -468,39 +474,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405
+#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573
msgid "%1$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406
+#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574
msgid "user name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409
+#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577
msgid "%2$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412
+#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580
msgid "domain name as specified in the SSSD config file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418
+#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586
msgid "%3$s"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421
+#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589
msgid ""
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402
+#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570
msgid ""
"The following expansions are supported: <placeholder type=\"variablelist\" "
"id=\"0\"/>"
@@ -624,11 +630,11 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679
-#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622
+#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679
+#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649
#: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556
-#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323
-#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348
+#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
+#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415
#: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
msgid "Default: not set"
msgstr ""
@@ -799,8 +805,24 @@ msgid ""
"be looked up in a random order for each parent domain."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:563
+msgid ""
+"Please, note that when this option is set the output format of all commands "
+"is always fully-qualified even when using short names for input. In case "
+"the administrator wants the output not fully-qualified, the full_name_format "
+"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
+"However, keep in mind that during login, login applications often "
+"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
+"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
+"shortname is returned for a qualified input (while trying to reach a user "
+"which exists in multiple domains) might re-route the login attempt into the "
+"domain which users shortnames, making this workaround totally not "
+"recommended in cases where usernames may overlap between domains."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757
+#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931
#: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300
msgid "Default: Not set"
msgstr ""
@@ -817,12 +839,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:574
+#: sssd.conf.5.xml:598
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:600
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -831,22 +853,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:583
+#: sssd.conf.5.xml:607
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:585
+#: sssd.conf.5.xml:609
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:626
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:605
+#: sssd.conf.5.xml:629
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -856,17 +878,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:614
+#: sssd.conf.5.xml:638
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:619
+#: sssd.conf.5.xml:643
msgid "client_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:622
+#: sssd.conf.5.xml:646
msgid ""
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
@@ -876,18 +898,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944
-#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267
+#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
+#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:636
+#: sssd.conf.5.xml:660
msgid "offline_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:639
+#: sssd.conf.5.xml:663
msgid ""
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
@@ -895,24 +917,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:646
+#: sssd.conf.5.xml:670
msgid "offline_timeout + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:649
+#: sssd.conf.5.xml:673
msgid ""
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:654
+#: sssd.conf.5.xml:678
msgid "new_interval = old_interval*2 + random_offset"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:657
+#: sssd.conf.5.xml:681
msgid ""
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
@@ -920,12 +942,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:692
msgid "responder_idle_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:671
+#: sssd.conf.5.xml:695
msgid ""
"This option specifies the number of seconds that an SSSD responder process "
"can be up without being used. This value is limited in order to avoid "
@@ -937,58 +959,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514
+#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559
#: sssd-ldap.5.xml:722
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:690
+#: sssd.conf.5.xml:714
msgid "cache_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:693
+#: sssd.conf.5.xml:717
msgid ""
"This option specifies whether the responder should query all caches before "
"querying the Data Providers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:705
+#: sssd.conf.5.xml:729
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:707
+#: sssd.conf.5.xml:731
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:712
+#: sssd.conf.5.xml:736
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:715
+#: sssd.conf.5.xml:739
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:719
+#: sssd.conf.5.xml:743
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
+#: sssd.conf.5.xml:748
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
+#: sssd.conf.5.xml:751
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -996,7 +1018,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:733
+#: sssd.conf.5.xml:757
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -1006,7 +1028,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:743
+#: sssd.conf.5.xml:767
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -1015,17 +1037,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751
+#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:756
+#: sssd.conf.5.xml:780
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:759
+#: sssd.conf.5.xml:783
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -1033,34 +1055,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400
+#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:770
+#: sssd.conf.5.xml:794
msgid "local_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:773
+#: sssd.conf.5.xml:797
msgid ""
"Specifies for how many seconds nss_sss should keep local users and groups in "
"negative cache before trying to look it up in the back end again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79
+#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79
msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:807
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:786
+#: sssd.conf.5.xml:810
msgid ""
"Exclude certain users or groups from being fetched from the sss NSS "
"database. This is particularly useful for system accounts. This option can "
@@ -1069,7 +1091,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:817
msgid ""
"NOTE: The filter_groups option doesn't affect inheritance of nested group "
"members, since filtering happens after they are propagated for returning via "
@@ -1078,41 +1100,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:801
+#: sssd.conf.5.xml:825
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:830
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:833
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:820
+#: sssd.conf.5.xml:844
msgid "fallback_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:823
+#: sssd.conf.5.xml:847
msgid ""
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:828
+#: sssd.conf.5.xml:852
msgid ""
"The available values for this option are the same as for override_homedir."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:834
+#: sssd.conf.5.xml:858
#, no-wrap
msgid ""
"fallback_homedir = /home/%u\n"
@@ -1120,23 +1142,23 @@ msgid ""
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284
+#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308
#: sssd-krb5.5.xml:539 include/override_homedir.xml:59
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:838
+#: sssd.conf.5.xml:862
msgid "Default: not set (no substitution for unset home directories)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:844
+#: sssd.conf.5.xml:868
msgid "override_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:847
+#: sssd.conf.5.xml:871
msgid ""
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
@@ -1144,47 +1166,47 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:853
+#: sssd.conf.5.xml:877
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:859
+#: sssd.conf.5.xml:883
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:862
+#: sssd.conf.5.xml:886
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:865
+#: sssd.conf.5.xml:889
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:869
+#: sssd.conf.5.xml:893
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:874
+#: sssd.conf.5.xml:898
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:879
+#: sssd.conf.5.xml:903
msgid "The wildcard (*) can be used to allow any shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:882
+#: sssd.conf.5.xml:906
msgid ""
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
@@ -1192,105 +1214,105 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:889
+#: sssd.conf.5.xml:913
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:892
+#: sssd.conf.5.xml:916
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:896
+#: sssd.conf.5.xml:920
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:901
+#: sssd.conf.5.xml:925
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:904
+#: sssd.conf.5.xml:928
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:909
+#: sssd.conf.5.xml:933
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:912
+#: sssd.conf.5.xml:936
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:916
+#: sssd.conf.5.xml:940
msgid "Default: /bin/sh"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:921
+#: sssd.conf.5.xml:945
msgid "default_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:924
+#: sssd.conf.5.xml:948
msgid ""
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:930
+#: sssd.conf.5.xml:954
msgid ""
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually /bin/sh)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191
+#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215
msgid "get_domains_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218
msgid ""
"Specifies time in seconds for which the list of subdomains will be "
"considered valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:949
+#: sssd.conf.5.xml:973
msgid "memcache_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:952
+#: sssd.conf.5.xml:976
msgid ""
"Specifies time in seconds for which records in the in-memory cache will be "
"valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:983
msgid ""
"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
"client applications will not use the fast in-memory cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74
+#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74
msgid "user_attributes (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:994
msgid ""
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
@@ -1301,96 +1323,96 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1007
msgid ""
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:988
+#: sssd.conf.5.xml:1012
msgid "Default: not set, fallback to InfoPipe option"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:993
+#: sssd.conf.5.xml:1017
msgid "pwfield (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:996
+#: sssd.conf.5.xml:1020
msgid ""
"The value that NSS operations that return users or groups will return for "
"the <quote>password</quote> field."
msgstr ""
#. type: Content of: <varlistentry><listitem><para>
-#: sssd.conf.5.xml:1001 include/override_homedir.xml:56
+#: sssd.conf.5.xml:1025 include/override_homedir.xml:56
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1004
+#: sssd.conf.5.xml:1028
msgid ""
"Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files "
"domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1012
+#: sssd.conf.5.xml:1036
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1038
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1019
+#: sssd.conf.5.xml:1043
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1022
+#: sssd.conf.5.xml:1046
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1033
+#: sssd.conf.5.xml:1057
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1036
+#: sssd.conf.5.xml:1060
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1046
+#: sssd.conf.5.xml:1070
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1049
+#: sssd.conf.5.xml:1073
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1054
+#: sssd.conf.5.xml:1078
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -1398,122 +1420,122 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1090
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1069
+#: sssd.conf.5.xml:1093
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1074
+#: sssd.conf.5.xml:1098
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1077
+#: sssd.conf.5.xml:1101
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1104
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1084
+#: sssd.conf.5.xml:1108
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1111
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1091 sssd.8.xml:63
+#: sssd.conf.5.xml:1115 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1097
+#: sssd.conf.5.xml:1121
msgid "pam_response_filter (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1100
+#: sssd.conf.5.xml:1124
msgid ""
-"A comma separated list of strings which allows to remove (filter) data send "
+"A comma separated list of strings which allows to remove (filter) data sent "
"by the PAM responder to pam_sss PAM module. There are different kind of "
-"responses send to pam_sss e.g. messages displayed to the user or environment "
+"responses sent to pam_sss e.g. messages displayed to the user or environment "
"variables which should be set by pam_sss."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1108
+#: sssd.conf.5.xml:1132
msgid ""
"While messages already can be controlled with the help of the pam_verbosity "
"option this option allows to filter out other kind of responses as well."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1115
+#: sssd.conf.5.xml:1139
msgid "ENV"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1116
-msgid "Do not sent any environment variables to any service."
+#: sssd.conf.5.xml:1140
+msgid "Do not send any environment variables to any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1143
msgid "ENV:var_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1120
-msgid "Do not sent environment variable var_name to any service."
+#: sssd.conf.5.xml:1144
+msgid "Do not send environment variable var_name to any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1124
+#: sssd.conf.5.xml:1148
msgid "ENV:var_name:service"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1125
-msgid "Do not sent environment variable var_name to service."
+#: sssd.conf.5.xml:1149
+msgid "Do not send environment variable var_name to service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1113
+#: sssd.conf.5.xml:1137
msgid ""
"Currently the following filters are supported: <placeholder type="
"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1135
+#: sssd.conf.5.xml:1159
msgid "Example: ENV:KRB5CCNAME:sudo-i"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1165
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1144
+#: sssd.conf.5.xml:1168
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1521,7 +1543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1150
+#: sssd.conf.5.xml:1174
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1530,17 +1552,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1188
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866
+#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1170
+#: sssd.conf.5.xml:1194
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1548,26 +1570,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869
+#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013
msgid ""
"If zero is set, then this filter is not applied, i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1181
+#: sssd.conf.5.xml:1205
msgid ""
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1227
msgid "pam_trusted_users (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1206
+#: sssd.conf.5.xml:1230
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to run PAM conversations against trusted domains. Users not "
@@ -1577,74 +1599,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1240
msgid "Default: All users are considered trusted by default"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1220
+#: sssd.conf.5.xml:1244
msgid ""
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1227
+#: sssd.conf.5.xml:1251
msgid "pam_public_domains (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1230
+#: sssd.conf.5.xml:1254
msgid ""
"Specifies the comma-separated list of domain names that are accessible even "
"to untrusted users."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1234
+#: sssd.conf.5.xml:1258
msgid "Two special values for pam_public_domains option are defined:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1238
+#: sssd.conf.5.xml:1262
msgid ""
"all (Untrusted users are allowed to access all domains in PAM responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1242
+#: sssd.conf.5.xml:1266
msgid ""
"none (Untrusted users are not allowed to access any domains PAM in "
"responder.)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290
-#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823
+#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314
+#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1251
+#: sssd.conf.5.xml:1275
msgid "pam_account_expired_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1254
+#: sssd.conf.5.xml:1278
msgid ""
"Allows a custom expiration message to be set, replacing the default "
"'Permission denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1259
+#: sssd.conf.5.xml:1283
msgid ""
"Note: Please be aware that message is only printed for the SSH service "
"unless pam_verbosity is set to 3 (show all messages and debug information)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1267
+#: sssd.conf.5.xml:1291
#, no-wrap
msgid ""
"pam_account_expired_message = Account expired, please contact help desk.\n"
@@ -1652,19 +1674,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1276
+#: sssd.conf.5.xml:1300
msgid "pam_account_locked_message (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1303
msgid ""
"Allows a custom lockout message to be set, replacing the default 'Permission "
"denied' message."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:1286
+#: sssd.conf.5.xml:1310
#, no-wrap
msgid ""
"pam_account_locked_message = Account locked, please contact help desk.\n"
@@ -1672,12 +1694,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1295
+#: sssd.conf.5.xml:1319
msgid "pam_cert_auth (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1298
+#: sssd.conf.5.xml:1322
msgid ""
"Enable certificate based Smartcard authentication. Since this requires "
"additional communication with the Smartcard which will delay the "
@@ -1685,58 +1707,58 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078
-#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896
+#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105
+#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923
#: include/ldap_id_mapping.xml:244
msgid "Default: False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1309
+#: sssd.conf.5.xml:1333
msgid "pam_cert_db_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1312
+#: sssd.conf.5.xml:1336
msgid ""
"The path to the certificate database which contain the PKCS#11 modules to "
"access the Smartcard."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1316
+#: sssd.conf.5.xml:1340
msgid "Default: /etc/pki/nssdb (NSS version)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1321
+#: sssd.conf.5.xml:1345
msgid "p11_child_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1324
+#: sssd.conf.5.xml:1348
msgid "How many seconds will pam_sss wait for p11_child to finish."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1333
+#: sssd.conf.5.xml:1357
msgid "pam_app_services (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1336
+#: sssd.conf.5.xml:1360
msgid ""
"Which PAM services are permitted to contact domains of type "
"<quote>application</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1349
+#: sssd.conf.5.xml:1373
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1351
+#: sssd.conf.5.xml:1375
msgid ""
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
@@ -1747,34 +1769,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1368
+#: sssd.conf.5.xml:1392
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1371
+#: sssd.conf.5.xml:1395
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1407
+msgid "sudo_threshold (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1410
+msgid ""
+"Maximum number of expired rules that can be refreshed at once. If number of "
+"expired rules is below threshold, those rules are refreshed with "
+"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
+"<quote>full refresh</quote> of sudo rules is triggered instead. This "
+"threshold number also applies to IPA sudo command and command group searches."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1384
+#: sssd.conf.5.xml:1429
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1386
+#: sssd.conf.5.xml:1431
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1390
+#: sssd.conf.5.xml:1435
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1393
+#: sssd.conf.5.xml:1438
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1782,68 +1819,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1409
+#: sssd.conf.5.xml:1454
msgid "SSH configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1411
+#: sssd.conf.5.xml:1456
msgid "These options can be used to configure the SSH service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1415
+#: sssd.conf.5.xml:1460
msgid "ssh_hash_known_hosts (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1418
+#: sssd.conf.5.xml:1463
msgid ""
"Whether or not to hash host names and addresses in the managed known_hosts "
"file."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1427
+#: sssd.conf.5.xml:1472
msgid "ssh_known_hosts_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1430
+#: sssd.conf.5.xml:1475
msgid ""
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1434
+#: sssd.conf.5.xml:1479
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1439
+#: sssd.conf.5.xml:1484
msgid "ca_db (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1442
+#: sssd.conf.5.xml:1487
msgid ""
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1447
+#: sssd.conf.5.xml:1492
msgid "Default: /etc/pki/nssdb"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1455
+#: sssd.conf.5.xml:1500
msgid "PAC responder configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1457
+#: sssd.conf.5.xml:1502
msgid ""
"The PAC responder works together with the authorization data plugin for MIT "
"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
@@ -1854,7 +1891,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1466
+#: sssd.conf.5.xml:1511
msgid ""
"If the remote user does not exist in the cache, it is created. The UID is "
"determined with the help of the SID, trusted domains will have UPGs and the "
@@ -1865,24 +1902,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:1474
+#: sssd.conf.5.xml:1519
msgid ""
"If there are SIDs of groups from domains sssd knows about, the user will be "
"added to those groups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1480
+#: sssd.conf.5.xml:1525
msgid "These options can be used to configure the PAC responder."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50
+#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50
msgid "allowed_uids (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1487
+#: sssd.conf.5.xml:1532
msgid ""
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
@@ -1890,12 +1927,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1493
+#: sssd.conf.5.xml:1538
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1497
+#: sssd.conf.5.xml:1542
msgid ""
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
@@ -1904,29 +1941,142 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1506
+#: sssd.conf.5.xml:1551
msgid "pac_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1509
+#: sssd.conf.5.xml:1554
msgid ""
"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
"data can be used to determine the group memberships of a user."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:1567
+msgid "Session recording configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1569
+msgid ""
+"Session recording works in conjunction with <citerefentry> "
+"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>, a part of tlog package, to log what users see and type when "
+"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
+"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:1582
+msgid "These options can be used to configure session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64
+msgid "scope (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71
+msgid "\"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74
+msgid "No users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79
+msgid "\"some\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82
+msgid ""
+"Users/groups specified by <replaceable>users</replaceable> and "
+"<replaceable>groups</replaceable> options are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91
+msgid "\"all\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94
+msgid "All users are recorded."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67
+msgid ""
+"One of the following strings specifying the scope of session recording: "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101
+msgid "Default: \"none\""
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106
+msgid "users (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109
+msgid ""
+"A comma-separated list of users which should have session recording enabled. "
+"Matches user names as returned by NSS. I.e. after the possible space "
+"replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115
+msgid "Default: Empty. Matches no users."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120
+msgid "groups (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123
+msgid ""
+"A comma-separated list of groups, members of which should have session "
+"recording enabled. Matches group names as returned by NSS. I.e. after the "
+"possible space replacement, case changes, etc."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129
+msgid ""
+"NOTE: using this option (having it set to anything) has a considerable "
+"performance cost, because each uncached request for a user requires "
+"retrieving and matching the groups the user is member of."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136
+msgid "Default: Empty. Matches no groups."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1524
+#: sssd.conf.5.xml:1668
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1531
+#: sssd.conf.5.xml:1675
msgid "domain_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1534
+#: sssd.conf.5.xml:1678
msgid ""
"Specifies whether the domain is meant to be used by POSIX-aware clients such "
"as the Name Service Switch or by applications that do not need POSIX data to "
@@ -1935,14 +2085,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1542
+#: sssd.conf.5.xml:1686
msgid ""
"Allowed values for this option are <quote>posix</quote> and "
"<quote>application</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1546
+#: sssd.conf.5.xml:1690
msgid ""
"POSIX domains are reachable by all services. Application domains are only "
"reachable from the InfoPipe responder (see <citerefentry> "
@@ -1951,38 +2101,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1554
+#: sssd.conf.5.xml:1698
msgid ""
"NOTE: The application domains are currently well tested with "
"<quote>id_provider=ldap</quote> only."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1558
+#: sssd.conf.5.xml:1702
msgid ""
"For an easy way to configure a non-POSIX domains, please see the "
"<quote>Application domains</quote> section."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1562
+#: sssd.conf.5.xml:1706
msgid "Default: posix"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1568
+#: sssd.conf.5.xml:1712
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1571
+#: sssd.conf.5.xml:1715
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1576
+#: sssd.conf.5.xml:1720
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1991,46 +2141,46 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1583
+#: sssd.conf.5.xml:1727
msgid ""
"These ID limits affect even saving entries to cache, not only returning them "
"by name or ID."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1587
+#: sssd.conf.5.xml:1731
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1593
+#: sssd.conf.5.xml:1737
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1596
+#: sssd.conf.5.xml:1740
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1600
+#: sssd.conf.5.xml:1744
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1603
+#: sssd.conf.5.xml:1747
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988
+#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1609
+#: sssd.conf.5.xml:1753
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -2042,14 +2192,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1622
+#: sssd.conf.5.xml:1766
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1627
+#: sssd.conf.5.xml:1771
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -2058,39 +2208,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1635
+#: sssd.conf.5.xml:1779
msgid ""
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1643
+#: sssd.conf.5.xml:1787
msgid "subdomain_enumerate (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1650
+#: sssd.conf.5.xml:1794
msgid "all"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1651
+#: sssd.conf.5.xml:1795
msgid "All discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1654
+#: sssd.conf.5.xml:1798
msgid "none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1655
+#: sssd.conf.5.xml:1799
msgid "No discovered trusted domains will be enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1646
+#: sssd.conf.5.xml:1790
msgid ""
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
@@ -2099,19 +2249,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1669
+#: sssd.conf.5.xml:1813
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1672
+#: sssd.conf.5.xml:1816
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1676
+#: sssd.conf.5.xml:1820
msgid ""
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
@@ -2122,151 +2272,151 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1689
+#: sssd.conf.5.xml:1833
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1695
+#: sssd.conf.5.xml:1839
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1698
+#: sssd.conf.5.xml:1842
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728
-#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768
-#: sssd.conf.5.xml:1782
+#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872
+#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912
+#: sssd.conf.5.xml:1926
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1708
+#: sssd.conf.5.xml:1852
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1711
+#: sssd.conf.5.xml:1855
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1721
+#: sssd.conf.5.xml:1865
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1724
+#: sssd.conf.5.xml:1868
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1734
+#: sssd.conf.5.xml:1878
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1737
+#: sssd.conf.5.xml:1881
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1747
+#: sssd.conf.5.xml:1891
msgid "entry_cache_sudo_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1750
+#: sssd.conf.5.xml:1894
msgid ""
"How many seconds should sudo consider rules valid before asking the backend "
"again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1760
+#: sssd.conf.5.xml:1904
msgid "entry_cache_autofs_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1763
+#: sssd.conf.5.xml:1907
msgid ""
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1774
+#: sssd.conf.5.xml:1918
msgid "entry_cache_ssh_host_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1777
+#: sssd.conf.5.xml:1921
msgid ""
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
"the host key for."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1788
+#: sssd.conf.5.xml:1932
msgid "refresh_expired_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1791
+#: sssd.conf.5.xml:1935
msgid ""
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1796
+#: sssd.conf.5.xml:1940
msgid ""
"The background refresh will process users, groups and netgroups in the cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1800
+#: sssd.conf.5.xml:1944
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247
+#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248
msgid "Default: 0 (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1810
+#: sssd.conf.5.xml:1954
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1813
+#: sssd.conf.5.xml:1957
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1817
+#: sssd.conf.5.xml:1961
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1827
+#: sssd.conf.5.xml:1971
msgid "cache_credentials_minimal_first_factor_length (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1830
+#: sssd.conf.5.xml:1974
msgid ""
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
@@ -2274,24 +2424,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1837
+#: sssd.conf.5.xml:1981
msgid ""
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1842
+#: sssd.conf.5.xml:1986
msgid "Default: 8"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1848
+#: sssd.conf.5.xml:1992
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1851
+#: sssd.conf.5.xml:1995
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -2300,17 +2450,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1858
+#: sssd.conf.5.xml:2002
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1863
+#: sssd.conf.5.xml:2007
msgid "pwd_expiration_warning (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1874
+#: sssd.conf.5.xml:2018
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -2319,33 +2469,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1881
+#: sssd.conf.5.xml:2025
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1887
+#: sssd.conf.5.xml:2031
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1890
+#: sssd.conf.5.xml:2034
msgid ""
"The identification provider used for the domain. Supported ID providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1894
+#: sssd.conf.5.xml:2038
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034
+#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1901
+#: sssd.conf.5.xml:2045
msgid ""
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
@@ -2353,8 +2503,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069
-#: sssd.conf.5.xml:2132
+#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2276
msgid ""
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -2363,8 +2513,8 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078
-#: sssd.conf.5.xml:2141
+#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222
+#: sssd.conf.5.xml:2285
msgid ""
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2372,19 +2522,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1929
+#: sssd.conf.5.xml:2073
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1932
+#: sssd.conf.5.xml:2076
msgid ""
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1937
+#: sssd.conf.5.xml:2081
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -2393,7 +2543,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1945
+#: sssd.conf.5.xml:2089
msgid ""
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
@@ -2401,22 +2551,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1952
+#: sssd.conf.5.xml:2096
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1958
+#: sssd.conf.5.xml:2102
msgid "ignore_group_members (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1961
+#: sssd.conf.5.xml:2105
msgid "Do not return group members for group lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1964
+#: sssd.conf.5.xml:2108
msgid ""
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
@@ -2428,7 +2578,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1982
+#: sssd.conf.5.xml:2126
msgid ""
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
@@ -2436,19 +2586,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1993
+#: sssd.conf.5.xml:2137
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1996
+#: sssd.conf.5.xml:2140
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062
+#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2456,7 +2606,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2007
+#: sssd.conf.5.xml:2151
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2464,30 +2614,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2031
+#: sssd.conf.5.xml:2175
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2038
+#: sssd.conf.5.xml:2182
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2041
+#: sssd.conf.5.xml:2185
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2047
+#: sssd.conf.5.xml:2191
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2050
+#: sssd.conf.5.xml:2194
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -2495,19 +2645,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2056
+#: sssd.conf.5.xml:2200
msgid ""
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2059
+#: sssd.conf.5.xml:2203
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2086
+#: sssd.conf.5.xml:2230
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -2516,7 +2666,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2093
+#: sssd.conf.5.xml:2237
msgid ""
"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
@@ -2524,29 +2674,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2100
+#: sssd.conf.5.xml:2244
msgid "<quote>proxy</quote> for relaying access control to another PAM module."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2103
+#: sssd.conf.5.xml:2247
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2108
+#: sssd.conf.5.xml:2252
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2111
+#: sssd.conf.5.xml:2255
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2116
+#: sssd.conf.5.xml:2260
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -2554,7 +2704,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2124
+#: sssd.conf.5.xml:2268
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2562,35 +2712,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2149
+#: sssd.conf.5.xml:2293
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2153
+#: sssd.conf.5.xml:2297
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2156
+#: sssd.conf.5.xml:2300
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2163
+#: sssd.conf.5.xml:2307
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2166
+#: sssd.conf.5.xml:2310
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2170
+#: sssd.conf.5.xml:2314
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2598,32 +2748,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2178
+#: sssd.conf.5.xml:2322
msgid ""
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2182
+#: sssd.conf.5.xml:2326
msgid ""
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
"settings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2186
+#: sssd.conf.5.xml:2330
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308
-#: sssd.conf.5.xml:2333
+#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476
+#: sssd.conf.5.xml:2501
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2193
+#: sssd.conf.5.xml:2337
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -2634,12 +2784,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2210
+#: sssd.conf.5.xml:2354
msgid "selinux_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2213
+#: sssd.conf.5.xml:2357
msgid ""
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
@@ -2647,7 +2797,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2219
+#: sssd.conf.5.xml:2363
msgid ""
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2655,31 +2805,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2227
+#: sssd.conf.5.xml:2371
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2230
+#: sssd.conf.5.xml:2374
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2236
+#: sssd.conf.5.xml:2380
msgid "subdomains_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2239
+#: sssd.conf.5.xml:2383
msgid ""
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2245
+#: sssd.conf.5.xml:2389
msgid ""
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2687,7 +2837,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2254
+#: sssd.conf.5.xml:2398
msgid ""
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
@@ -2696,23 +2846,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2263
+#: sssd.conf.5.xml:2407
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2274
+#: sssd.conf.5.xml:2417
+msgid "session_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2420
+msgid ""
+"The provider which configures and manages user session related tasks. The "
+"only user session task currently provided is the integration with Fleet "
+"Commander, which works only with IPA. Supported session providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2427
+msgid "<quote>ipa</quote> to allow performing user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2431
+msgid ""
+"<quote>none</quote> does not perform any kind of user session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2435
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can perform "
+"session related tasks."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:2442
msgid "autofs_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2277
+#: sssd.conf.5.xml:2445
msgid ""
"The autofs provider used for the domain. Supported autofs providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2281
+#: sssd.conf.5.xml:2449
msgid ""
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2720,7 +2901,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2288
+#: sssd.conf.5.xml:2456
msgid ""
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2728,7 +2909,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2296
+#: sssd.conf.5.xml:2464
msgid ""
"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -2736,24 +2917,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2305
+#: sssd.conf.5.xml:2473
msgid "<quote>none</quote> disables autofs explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2315
+#: sssd.conf.5.xml:2483
msgid "hostid_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2318
+#: sssd.conf.5.xml:2486
msgid ""
"The provider used for retrieving host identity information. Supported "
"hostid providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2322
+#: sssd.conf.5.xml:2490
msgid ""
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -2761,12 +2942,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2330
+#: sssd.conf.5.xml:2498
msgid "<quote>none</quote> disables hostid explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2343
+#: sssd.conf.5.xml:2511
msgid ""
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
@@ -2776,7 +2957,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2352
+#: sssd.conf.5.xml:2520
msgid ""
"Default for the AD and IPA provider: <quote>(((?P&lt;domain&gt;[^\\\\]+)\\"
"\\(?P&lt;name&gt;.+$))|((?P&lt;name&gt;[^@]+)@(?P&lt;domain&gt;.+$))|(^(?"
@@ -2785,29 +2966,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2357
+#: sssd.conf.5.xml:2525
msgid "username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2360
+#: sssd.conf.5.xml:2528
msgid "username@domain.name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd.conf.5.xml:2363
+#: sssd.conf.5.xml:2531
msgid "domain\\username"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2366
+#: sssd.conf.5.xml:2534
msgid ""
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2371
+#: sssd.conf.5.xml:2539
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -2815,7 +2996,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2377
+#: sssd.conf.5.xml:2545
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -2823,137 +3004,145 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2384
+#: sssd.conf.5.xml:2552
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2431
+#: sssd.conf.5.xml:2599
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2437
+#: sssd.conf.5.xml:2605
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2440
+#: sssd.conf.5.xml:2608
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2444
+#: sssd.conf.5.xml:2612
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2447
+#: sssd.conf.5.xml:2615
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2450
+#: sssd.conf.5.xml:2618
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2453
+#: sssd.conf.5.xml:2621
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2456
+#: sssd.conf.5.xml:2624
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2459
+#: sssd.conf.5.xml:2627
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2465
+#: sssd.conf.5.xml:2633
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2468
+#: sssd.conf.5.xml:2636
msgid ""
-"Defines the amount of time (in seconds) to wait for a reply from the DNS "
-"resolver before assuming that it is unreachable. If this timeout is reached, "
-"the domain will continue to operate in offline mode."
+"Defines the amount of time (in seconds) to wait for a reply from the "
+"internal fail over service before assuming that the service is unreachable. "
+"If this timeout is reached, the domain will continue to operate in offline "
+"mode."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293
-#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248
+#: sssd.conf.5.xml:2643
+msgid ""
+"Please see the section <quote>FAILOVER</quote> for more information about "
+"the service resolution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2480
+#: sssd.conf.5.xml:2654
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2483
+#: sssd.conf.5.xml:2657
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2487
+#: sssd.conf.5.xml:2661
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2493
+#: sssd.conf.5.xml:2667
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2496
+#: sssd.conf.5.xml:2670
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2502
+#: sssd.conf.5.xml:2676
msgid "case_sensitive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2510
+#: sssd.conf.5.xml:2684
msgid "True"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2513
+#: sssd.conf.5.xml:2687
msgid "Case sensitive. This value is invalid for AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2519
+#: sssd.conf.5.xml:2693
msgid "False"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2521
+#: sssd.conf.5.xml:2695
msgid "Case insensitive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2525
+#: sssd.conf.5.xml:2699
msgid "Preserving"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2528
+#: sssd.conf.5.xml:2702
msgid ""
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
@@ -2961,7 +3150,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2505
+#: sssd.conf.5.xml:2679
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
@@ -2969,17 +3158,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2540
+#: sssd.conf.5.xml:2714
msgid "Default: True (False for AD provider)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2546
+#: sssd.conf.5.xml:2720
msgid "subdomain_inherit (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2549
+#: sssd.conf.5.xml:2723
msgid ""
"Specifies a list of configuration parameters that should be inherited by a "
"subdomain. Please note that only selected parameters can be inherited. "
@@ -2987,34 +3176,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2555
+#: sssd.conf.5.xml:2729
msgid "ignore_group_members"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2558
+#: sssd.conf.5.xml:2732
msgid "ldap_purge_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084
+#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111
msgid "ldap_use_tokengroups"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2564
+#: sssd.conf.5.xml:2738
msgid "ldap_user_principal"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2567
+#: sssd.conf.5.xml:2741
msgid ""
"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
"is not set explicitly)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd.conf.5.xml:2573
+#: sssd.conf.5.xml:2747
#, no-wrap
msgid ""
"subdomain_inherit = ldap_purge_cache_timeout\n"
@@ -3022,32 +3211,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381
+#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448
msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2580
+#: sssd.conf.5.xml:2754
msgid "Note: This option only works with the IPA and AD provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2587
+#: sssd.conf.5.xml:2761
msgid "subdomain_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2598
+#: sssd.conf.5.xml:2772
msgid "%F"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2599
+#: sssd.conf.5.xml:2773
msgid "flat (NetBIOS) name of a subdomain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2590
+#: sssd.conf.5.xml:2764
msgid ""
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
@@ -3057,34 +3246,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2604
+#: sssd.conf.5.xml:2778
msgid ""
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2608
+#: sssd.conf.5.xml:2782
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2613
+#: sssd.conf.5.xml:2787
msgid "realmd_tags (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2616
+#: sssd.conf.5.xml:2790
msgid ""
"Various tags stored by the realmd configuration service for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2622
+#: sssd.conf.5.xml:2796
msgid "cached_auth_timeout (int)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2625
+#: sssd.conf.5.xml:2799
msgid ""
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
@@ -3092,12 +3281,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2631
+#: sssd.conf.5.xml:2805
msgid "Special value 0 implies that this feature is disabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2635
+#: sssd.conf.5.xml:2809
msgid ""
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
@@ -3105,7 +3294,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1526
+#: sssd.conf.5.xml:1670
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -3113,29 +3302,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2653
+#: sssd.conf.5.xml:2827
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2656
+#: sssd.conf.5.xml:2830
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2659
+#: sssd.conf.5.xml:2833
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2667
+#: sssd.conf.5.xml:2841
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2670
+#: sssd.conf.5.xml:2844
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -3143,12 +3332,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2680
+#: sssd.conf.5.xml:2854
msgid "proxy_fast_alias (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2683
+#: sssd.conf.5.xml:2857
msgid ""
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
@@ -3157,12 +3346,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2697
+#: sssd.conf.5.xml:2871
msgid "proxy_max_children (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2700
+#: sssd.conf.5.xml:2874
msgid ""
"This option specifies the number of pre-forked proxy children. It is useful "
"for high-load SSSD environments where sssd may run out of available child "
@@ -3170,19 +3359,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2649
+#: sssd.conf.5.xml:2823
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2716
+#: sssd.conf.5.xml:2890
msgid "Application domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2718
+#: sssd.conf.5.xml:2892
msgid ""
"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
@@ -3199,7 +3388,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2738
+#: sssd.conf.5.xml:2912
msgid ""
"Please note that the application domain must still be explicitly enabled in "
"the <quote>domains</quote> parameter so that the lookup order between the "
@@ -3207,17 +3396,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:2744
+#: sssd.conf.5.xml:2918
msgid "Application domain parameters"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2746
+#: sssd.conf.5.xml:2920
msgid "inherit_from (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2749
+#: sssd.conf.5.xml:2923
msgid ""
"The SSSD POSIX-type domain the application domain inherits all settings "
"from. The application domain can moreover add its own settings to the "
@@ -3226,18 +3415,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2763
+#: sssd.conf.5.xml:2937
msgid ""
"The following example illustrates the use of an application domain. In this "
"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
-"through the NSS responder. In addition, the application domains also "
-"requests the telephoneNumber attribute, stores it as the phone attribute in "
-"the cache and makes the phone attribute reachable through the D-Bus "
-"interface."
+"through the NSS responder. In addition, the application domain also requests "
+"the telephoneNumber attribute, stores it as the phone attribute in the cache "
+"and makes the phone attribute reachable through the D-Bus interface."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
-#: sssd.conf.5.xml:2771
+#: sssd.conf.5.xml:2945
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3257,12 +3445,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:2789
+#: sssd.conf.5.xml:2963
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:2791
+#: sssd.conf.5.xml:2965
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -3270,73 +3458,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2798
+#: sssd.conf.5.xml:2972
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2801
+#: sssd.conf.5.xml:2975
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2805
+#: sssd.conf.5.xml:2979
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2810
+#: sssd.conf.5.xml:2984
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2813
+#: sssd.conf.5.xml:2987
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2818
+#: sssd.conf.5.xml:2992
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2823
+#: sssd.conf.5.xml:2997
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2826
+#: sssd.conf.5.xml:3000
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842
+#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2835
+#: sssd.conf.5.xml:3009
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2838
+#: sssd.conf.5.xml:3012
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2847
+#: sssd.conf.5.xml:3021
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2850
+#: sssd.conf.5.xml:3024
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -3344,17 +3532,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2858
+#: sssd.conf.5.xml:3032
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2863
+#: sssd.conf.5.xml:3037
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2866
+#: sssd.conf.5.xml:3040
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -3363,17 +3551,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2876
+#: sssd.conf.5.xml:3050
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2881
+#: sssd.conf.5.xml:3055
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2884
+#: sssd.conf.5.xml:3058
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -3381,17 +3569,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2891
+#: sssd.conf.5.xml:3065
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:2896
+#: sssd.conf.5.xml:3070
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2899
+#: sssd.conf.5.xml:3073
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -3399,86 +3587,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:2905
+#: sssd.conf.5.xml:3079
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2915
+#: sssd.conf.5.xml:3089
msgid "TRUSTED DOMAIN SECTION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2917
+#: sssd.conf.5.xml:3091
msgid ""
"Some options used in the domain section can also be used in the trusted "
"domain section, that is, in a section called <quote>[domain/"
"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
-"replaceable>]</quote>. Currently supported options in the trusted domain "
-"section are:"
+"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
+"domain. Please refer to examples below for explanation. Currently supported "
+"options in the trusted domain section are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2922
+#: sssd.conf.5.xml:3098
msgid "ldap_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2923
+#: sssd.conf.5.xml:3099
msgid "ldap_user_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2924
+#: sssd.conf.5.xml:3100
msgid "ldap_group_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2925
+#: sssd.conf.5.xml:3101
msgid "ldap_netgroup_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2926
+#: sssd.conf.5.xml:3102
msgid "ldap_service_search_base,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2927
+#: sssd.conf.5.xml:3103
msgid "ad_server,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2928
+#: sssd.conf.5.xml:3104
msgid "ad_backup_server,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2929
+#: sssd.conf.5.xml:3105
msgid "ad_site,"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2930
+#: sssd.conf.5.xml:3106
msgid "use_fully_qualified_names"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2932
+#: sssd.conf.5.xml:3108
msgid ""
"For more details about these options see their individual description in the "
"manual page."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131
-#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570
-#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71
-msgid "EXAMPLE"
+#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43
+msgid "EXAMPLES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:2944
+#: sssd.conf.5.xml:3120
#, no-wrap
msgid ""
"[sssd]\n"
@@ -3508,14 +3695,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:2940
+#: sssd.conf.5.xml:3116
msgid ""
-"The following example shows a typical SSSD config. It does not describe "
+"1. The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"id=\"0\"/>"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:3153
+#, no-wrap
+msgid ""
+"[domain/ipa.com/child.ad.com]\n"
+"use_fully_qualified_names = false\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:3147
+msgid ""
+"2. The following example shows configuration of IPA AD trust where the AD "
+"forest consists of two domains in a parent-child structure. Suppose IPA "
+"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain "
+"(child.ad.com). To enable shortnames in the child domain the following "
+"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
+">"
+msgstr ""
+
#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
msgid "sssd-ldap"
@@ -3556,7 +3762,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99
#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
-#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141
+#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -3576,7 +3782,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197
+#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264
msgid "The format of the URI must match the format defined in RFC 2732:"
msgstr ""
@@ -3856,7 +4062,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893
+#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920
msgid "Default: gidNumber"
msgstr ""
@@ -3934,7 +4140,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919
+#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946
msgid ""
"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
"IPA"
@@ -3953,7 +4159,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
msgstr ""
@@ -3963,14 +4169,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167
+#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174
+#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201
msgid "Default: modifyTimestamp"
msgstr ""
@@ -4365,8 +4571,8 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199
-#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544
+#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226
+#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588
msgid "Default: cn"
msgstr ""
@@ -4453,130 +4659,163 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ldap.5.xml:833
-msgid "ldap_user_certificate (string)"
+msgid "ldap_user_authorized_rhost (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:836
+msgid ""
+"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
+"presence of the rhost attribute in the user's LDAP entry to determine access "
+"privilege. Similarly to host verification process."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:843
+msgid ""
+"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
+"explicit allow (rhost) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848
+msgid ""
+"Please note that the ldap_access_order configuration option <emphasis>must</"
+"emphasis> include <quote>rhost</quote> in order for the "
+"ldap_user_authorized_rhost option to work."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:855
+msgid "Default: rhost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:861
+msgid "ldap_user_certificate (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
msgid "Name of the LDAP attribute containing the X509 certificate of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:840
-msgid "Default: no set in the general case, userCertificate;binary for IPA"
+#: sssd-ldap.5.xml:868
+msgid "Default: userCertificate;binary"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:847
+#: sssd-ldap.5.xml:874
msgid "ldap_user_email (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:850
+#: sssd-ldap.5.xml:877
msgid "Name of the LDAP attribute containing the email address of the user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:881
msgid "Default: mail"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:860
+#: sssd-ldap.5.xml:887
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:863
+#: sssd-ldap.5.xml:890
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:866
+#: sssd-ldap.5.xml:893
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:872
+#: sssd-ldap.5.xml:899
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:875
+#: sssd-ldap.5.xml:902
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:879
+#: sssd-ldap.5.xml:906
msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:886
+#: sssd-ldap.5.xml:913
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:916
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:926
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:902
+#: sssd-ldap.5.xml:929
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:933
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:939
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:942
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:926
+#: sssd-ldap.5.xml:953
msgid "ldap_group_objectsid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:929
+#: sssd-ldap.5.xml:956
msgid ""
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:968
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:981
msgid "ldap_group_type (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:957
+#: sssd-ldap.5.xml:984
msgid ""
"The LDAP attribute that contains an integer value indicating the type of the "
"group and maybe other flags."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:962
+#: sssd-ldap.5.xml:989
msgid ""
"This attribute is currently only used by the AD provider to determine if a "
"group is a domain local groups and has to be filtered out for trusted "
@@ -4584,34 +4823,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:968
+#: sssd-ldap.5.xml:995
msgid "Default: groupType in the AD provider, otherwise not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:975
+#: sssd-ldap.5.xml:1002
msgid "ldap_group_external_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:978
+#: sssd-ldap.5.xml:1005
msgid ""
"The LDAP attribute that references group members that are defined in an "
"external domain. At the moment, only IPA's external members are supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:984
+#: sssd-ldap.5.xml:1011
msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1018
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1021
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -4619,7 +4858,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
+#: sssd-ldap.5.xml:1028
msgid ""
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
@@ -4629,7 +4868,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1037
msgid ""
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
"at all. However, when connected to Active-Directory Server 2008 and later "
@@ -4639,17 +4878,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1046
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1025
+#: sssd-ldap.5.xml:1052
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1028
+#: sssd-ldap.5.xml:1055
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
@@ -4657,14 +4896,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1034
+#: sssd-ldap.5.xml:1061
msgid ""
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066
+#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093
msgid ""
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
@@ -4672,7 +4911,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072
+#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099
msgid ""
"Note: This feature is currently known to work only with Active Directory "
"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
@@ -4681,12 +4920,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1057
+#: sssd-ldap.5.xml:1084
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1060
+#: sssd-ldap.5.xml:1087
msgid ""
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
@@ -4694,168 +4933,168 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1114
msgid ""
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1092
+#: sssd-ldap.5.xml:1119
msgid "Default: True for AD and IPA otherwise False."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1098
+#: sssd-ldap.5.xml:1125
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1101
+#: sssd-ldap.5.xml:1128
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1104
+#: sssd-ldap.5.xml:1131
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1108
+#: sssd-ldap.5.xml:1135
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1114
+#: sssd-ldap.5.xml:1141
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1117
+#: sssd-ldap.5.xml:1144
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1121
+#: sssd-ldap.5.xml:1148
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1131
+#: sssd-ldap.5.xml:1158
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1134
+#: sssd-ldap.5.xml:1161
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1138
+#: sssd-ldap.5.xml:1165
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1142
+#: sssd-ldap.5.xml:1169
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1148
+#: sssd-ldap.5.xml:1175
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1178
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171
+#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1158
+#: sssd-ldap.5.xml:1185
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1164
+#: sssd-ldap.5.xml:1191
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1180
+#: sssd-ldap.5.xml:1207
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1183
+#: sssd-ldap.5.xml:1210
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1186
+#: sssd-ldap.5.xml:1213
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1192
+#: sssd-ldap.5.xml:1219
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1195
+#: sssd-ldap.5.xml:1222
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1205
+#: sssd-ldap.5.xml:1232
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1208
+#: sssd-ldap.5.xml:1235
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1239
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1218
+#: sssd-ldap.5.xml:1245
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1221
+#: sssd-ldap.5.xml:1248
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1252
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1231
+#: sssd-ldap.5.xml:1258
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1236
+#: sssd-ldap.5.xml:1263
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1239
+#: sssd-ldap.5.xml:1266
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -4863,7 +5102,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1245
+#: sssd-ldap.5.xml:1272
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -4871,12 +5110,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1257
+#: sssd-ldap.5.xml:1284
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1260
+#: sssd-ldap.5.xml:1287
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -4884,12 +5123,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1273
+#: sssd-ldap.5.xml:1300
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1276
+#: sssd-ldap.5.xml:1303
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -4900,12 +5139,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1299
+#: sssd-ldap.5.xml:1326
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1302
+#: sssd-ldap.5.xml:1329
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -4914,12 +5153,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1344
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1347
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -4928,34 +5167,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397
+#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1361
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1364
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1342
+#: sssd-ldap.5.xml:1369
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1348
+#: sssd-ldap.5.xml:1375
msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1378
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -4963,14 +5202,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1357
+#: sssd-ldap.5.xml:1384
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1363
+#: sssd-ldap.5.xml:1390
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -4978,17 +5217,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1375
+#: sssd-ldap.5.xml:1402
msgid "ldap_disable_range_retrieval (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1378
+#: sssd-ldap.5.xml:1405
msgid "Disable Active Directory range retrieval."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1381
+#: sssd-ldap.5.xml:1408
msgid ""
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
@@ -4998,12 +5237,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1396
+#: sssd-ldap.5.xml:1423
msgid "ldap_sasl_minssf (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1426
msgid ""
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
@@ -5011,17 +5250,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1432
msgid "Default: Use the system default (usually specified by ldap.conf)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1412
+#: sssd-ldap.5.xml:1439
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1415
+#: sssd-ldap.5.xml:1442
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -5029,13 +5268,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1421
+#: sssd-ldap.5.xml:1448
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1425
+#: sssd-ldap.5.xml:1452
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -5044,7 +5283,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1433
+#: sssd-ldap.5.xml:1460
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -5052,26 +5291,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1473
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1449
+#: sssd-ldap.5.xml:1476
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1486
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5079,7 +5318,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1466
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -5087,7 +5326,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1472
+#: sssd-ldap.5.xml:1499
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -5095,41 +5334,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1478
+#: sssd-ldap.5.xml:1505
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1509
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1488
+#: sssd-ldap.5.xml:1515
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1491
+#: sssd-ldap.5.xml:1518
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555
+#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1503
+#: sssd-ldap.5.xml:1530
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506
+#: sssd-ldap.5.xml:1533
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -5138,32 +5377,32 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1548
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1524
+#: sssd-ldap.5.xml:1551
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1534
+#: sssd-ldap.5.xml:1561
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1564
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1546
+#: sssd-ldap.5.xml:1573
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1576
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -5171,24 +5410,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1589
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1565
+#: sssd-ldap.5.xml:1592
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1602
msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1605
msgid ""
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
@@ -5196,17 +5435,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1584
+#: sssd-ldap.5.xml:1611
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1621
msgid "ldap_min_id, ldap_max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1597
+#: sssd-ldap.5.xml:1624
msgid ""
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
@@ -5217,29 +5456,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1636
msgid "Default: not set (both options are set to 0)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1615
+#: sssd-ldap.5.xml:1642
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1645
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1655
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1658
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
@@ -5248,17 +5487,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1666
msgid "Default: host/hostname@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1645
+#: sssd-ldap.5.xml:1672
msgid "ldap_sasl_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1648
+#: sssd-ldap.5.xml:1675
msgid ""
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
@@ -5266,49 +5505,49 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1654
+#: sssd-ldap.5.xml:1681
msgid "Default: the value of krb5_realm."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1660
+#: sssd-ldap.5.xml:1687
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1663
+#: sssd-ldap.5.xml:1690
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1668
+#: sssd-ldap.5.xml:1695
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1674
+#: sssd-ldap.5.xml:1701
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1677
+#: sssd-ldap.5.xml:1704
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1680
+#: sssd-ldap.5.xml:1707
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1686
+#: sssd-ldap.5.xml:1713
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1689
+#: sssd-ldap.5.xml:1716
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -5316,27 +5555,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1701
+#: sssd-ldap.5.xml:1728
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1704
+#: sssd-ldap.5.xml:1731
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914
+#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74
msgid "krb5_server, krb5_backup_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1717
+#: sssd-ldap.5.xml:1744
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -5348,7 +5587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -5356,7 +5595,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -5364,39 +5603,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1746
+#: sssd-ldap.5.xml:1773
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1749
+#: sssd-ldap.5.xml:1776
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462
+#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1758
+#: sssd-ldap.5.xml:1785
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477
+#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477
msgid "krb5_use_kdcinfo (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480
+#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480
msgid ""
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
@@ -5406,7 +5645,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491
+#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491
msgid ""
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
@@ -5414,26 +5653,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1798
+#: sssd-ldap.5.xml:1825
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1828
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1806
+#: sssd-ldap.5.xml:1833
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1811
+#: sssd-ldap.5.xml:1838
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -5441,7 +5680,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1817
+#: sssd-ldap.5.xml:1844
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -5449,31 +5688,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1826
+#: sssd-ldap.5.xml:1853
msgid ""
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1861
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837
+#: sssd-ldap.5.xml:1864
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1841
+#: sssd-ldap.5.xml:1868
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1846
+#: sssd-ldap.5.xml:1873
msgid ""
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
@@ -5482,56 +5721,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1887
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1890
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1894
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1873
+#: sssd-ldap.5.xml:1900
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1876
+#: sssd-ldap.5.xml:1903
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1881
+#: sssd-ldap.5.xml:1908
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1887
+#: sssd-ldap.5.xml:1914
msgid "ldap_chpass_update_last_change (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1890
+#: sssd-ldap.5.xml:1917
msgid ""
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1902
+#: sssd-ldap.5.xml:1929
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1905
+#: sssd-ldap.5.xml:1932
msgid ""
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
@@ -5547,12 +5786,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1925
+#: sssd-ldap.5.xml:1952
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1928
+#: sssd-ldap.5.xml:1955
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -5561,14 +5800,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1932
+#: sssd-ldap.5.xml:1959
msgid ""
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1937
+#: sssd-ldap.5.xml:1964
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -5577,24 +5816,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1951
+#: sssd-ldap.5.xml:1978
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1954
+#: sssd-ldap.5.xml:1981
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1958
+#: sssd-ldap.5.xml:1985
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -5602,19 +5841,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1965
+#: sssd-ldap.5.xml:1992
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:1995
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1973
+#: sssd-ldap.5.xml:2000
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -5623,7 +5862,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1980
+#: sssd-ldap.5.xml:2007
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -5631,7 +5870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1986
+#: sssd-ldap.5.xml:2013
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -5640,7 +5879,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2022
msgid ""
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
@@ -5648,22 +5887,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2008
+#: sssd-ldap.5.xml:2035
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2011
+#: sssd-ldap.5.xml:2038
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2042
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2018
+#: sssd-ldap.5.xml:2045
msgid ""
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5673,14 +5912,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2028
+#: sssd-ldap.5.xml:2055
msgid ""
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2035
+#: sssd-ldap.5.xml:2062
msgid ""
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
@@ -5693,12 +5932,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2052
+#: sssd-ldap.5.xml:2079
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2056
+#: sssd-ldap.5.xml:2083
msgid ""
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
@@ -5708,7 +5947,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2093
msgid ""
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
@@ -5718,49 +5957,63 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2074
+#: sssd-ldap.5.xml:2101
msgid ""
"Note If user password is expired no explicit message is prompted by SSSD."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2078
+#: sssd-ldap.5.xml:2105
msgid ""
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2083
+#: sssd-ldap.5.xml:2110
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2088
+#: sssd-ldap.5.xml:2115
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2092
+#: sssd-ldap.5.xml:2119
+msgid ""
+"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
+"remote host can access"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2123
+msgid ""
+"Please note, rhost field in pam is set by application, it is better to check "
+"what the application sends to pam, before enabling this access control option"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:2128
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2095
+#: sssd-ldap.5.xml:2131
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2102
+#: sssd-ldap.5.xml:2138
msgid "ldap_pwdlockout_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2105
+#: sssd-ldap.5.xml:2141
msgid ""
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in sssd.conf in case of enabled account "
@@ -5769,74 +6022,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2113
+#: sssd-ldap.5.xml:2149
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2116
+#: sssd-ldap.5.xml:2152
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2122
+#: sssd-ldap.5.xml:2158
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2125
+#: sssd-ldap.5.xml:2161
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2130
+#: sssd-ldap.5.xml:2166
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2134
+#: sssd-ldap.5.xml:2170
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2139
+#: sssd-ldap.5.xml:2175
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2144
+#: sssd-ldap.5.xml:2180
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2149
+#: sssd-ldap.5.xml:2185
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2157
+#: sssd-ldap.5.xml:2193
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2160
+#: sssd-ldap.5.xml:2196
msgid ""
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2164
+#: sssd-ldap.5.xml:2200
msgid ""
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
@@ -5847,7 +6100,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2175
+#: sssd-ldap.5.xml:2211
msgid ""
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
@@ -5855,24 +6108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136
-msgid "wildcart_limit (integer)"
+#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136
+msgid "wildcard_limit (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2190
+#: sssd-ldap.5.xml:2226
msgid ""
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2194
+#: sssd-ldap.5.xml:2230
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2198
+#: sssd-ldap.5.xml:2234
msgid "Default: 1000 (often the size of one page)"
msgstr ""
@@ -5887,12 +6140,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2208
+#: sssd-ldap.5.xml:2244
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2210
+#: sssd-ldap.5.xml:2246
msgid ""
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
@@ -5900,208 +6153,208 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2221
+#: sssd-ldap.5.xml:2257
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2224
+#: sssd-ldap.5.xml:2260
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2227
+#: sssd-ldap.5.xml:2263
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2233
+#: sssd-ldap.5.xml:2269
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2236
+#: sssd-ldap.5.xml:2272
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2246
+#: sssd-ldap.5.xml:2282
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2249
+#: sssd-ldap.5.xml:2285
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2253
+#: sssd-ldap.5.xml:2289
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2259
+#: sssd-ldap.5.xml:2295
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2262
+#: sssd-ldap.5.xml:2298
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2267
+#: sssd-ldap.5.xml:2303
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2273
+#: sssd-ldap.5.xml:2309
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2276
+#: sssd-ldap.5.xml:2312
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2280
+#: sssd-ldap.5.xml:2316
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2286
+#: sssd-ldap.5.xml:2322
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2289
+#: sssd-ldap.5.xml:2325
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2293
+#: sssd-ldap.5.xml:2329
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2299
+#: sssd-ldap.5.xml:2335
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2302
+#: sssd-ldap.5.xml:2338
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2306
+#: sssd-ldap.5.xml:2342
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2312
+#: sssd-ldap.5.xml:2348
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2315
+#: sssd-ldap.5.xml:2351
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2319
+#: sssd-ldap.5.xml:2355
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2325
+#: sssd-ldap.5.xml:2361
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2328
+#: sssd-ldap.5.xml:2364
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2332
+#: sssd-ldap.5.xml:2368
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2338
+#: sssd-ldap.5.xml:2374
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2341
+#: sssd-ldap.5.xml:2377
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2346
+#: sssd-ldap.5.xml:2382
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2352
+#: sssd-ldap.5.xml:2388
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2355
+#: sssd-ldap.5.xml:2391
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2359
+#: sssd-ldap.5.xml:2395
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2365
+#: sssd-ldap.5.xml:2401
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2368
+#: sssd-ldap.5.xml:2404
msgid ""
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2373
+#: sssd-ldap.5.xml:2409
msgid ""
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2378
+#: sssd-ldap.5.xml:2414
msgid "Default: 21600 (6 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2384
+#: sssd-ldap.5.xml:2420
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2387
+#: sssd-ldap.5.xml:2423
msgid ""
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
@@ -6109,101 +6362,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2393
+#: sssd-ldap.5.xml:2429
msgid ""
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2403
+#: sssd-ldap.5.xml:2439
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2406
+#: sssd-ldap.5.xml:2442
msgid ""
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6 host/network addresses and hostnames)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2417
+#: sssd-ldap.5.xml:2453
msgid "ldap_sudo_hostnames (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2420
+#: sssd-ldap.5.xml:2456
msgid ""
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2425
+#: sssd-ldap.5.xml:2461
msgid ""
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471
-#: sssd-ldap.5.xml:2489
+#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507
+#: sssd-ldap.5.xml:2525
msgid ""
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458
+#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494
msgid "Default: not specified"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2441
+#: sssd-ldap.5.xml:2477
msgid "ldap_sudo_ip (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2444
+#: sssd-ldap.5.xml:2480
msgid ""
"Space separated list of IPv4 or IPv6 host/network addresses that should be "
"used to filter the rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2449
+#: sssd-ldap.5.xml:2485
msgid ""
"If this option is empty, SSSD will try to discover the addresses "
"automatically."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2464
+#: sssd-ldap.5.xml:2500
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2467
+#: sssd-ldap.5.xml:2503
msgid ""
"If true then SSSD will download every rule that contains a netgroup in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2482
+#: sssd-ldap.5.xml:2518
msgid "ldap_sudo_include_regexp (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2485
+#: sssd-ldap.5.xml:2521
msgid ""
"If true then SSSD will download every rule that contains a wildcard in "
"sudoHost attribute."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2501
+#: sssd-ldap.5.xml:2537
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -6212,111 +6465,111 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2511
+#: sssd-ldap.5.xml:2547
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2513
+#: sssd-ldap.5.xml:2549
msgid ""
"Some of the defaults for the parameters below are dependent on the LDAP "
"schema."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2519
+#: sssd-ldap.5.xml:2555
msgid "ldap_autofs_map_master_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2522
+#: sssd-ldap.5.xml:2558
msgid "The name of the automount master map in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2525
+#: sssd-ldap.5.xml:2561
msgid "Default: auto.master"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2532
+#: sssd-ldap.5.xml:2568
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2535
+#: sssd-ldap.5.xml:2571
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2538
+#: sssd-ldap.5.xml:2574
msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2546
+#: sssd-ldap.5.xml:2582
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2549
+#: sssd-ldap.5.xml:2585
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2552
+#: sssd-ldap.5.xml:2588
msgid ""
"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2560
+#: sssd-ldap.5.xml:2596
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2563
+#: sssd-ldap.5.xml:2599
msgid ""
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2568
+#: sssd-ldap.5.xml:2604
msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2576
+#: sssd-ldap.5.xml:2612
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594
+#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2583
+#: sssd-ldap.5.xml:2619
msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2591
+#: sssd-ldap.5.xml:2627
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2598
+#: sssd-ldap.5.xml:2634
msgid ""
"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
"automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2517
+#: sssd-ldap.5.xml:2553
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -6325,56 +6578,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2609
+#: sssd-ldap.5.xml:2645
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2616
+#: sssd-ldap.5.xml:2652
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2621
+#: sssd-ldap.5.xml:2657
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2626
+#: sssd-ldap.5.xml:2662
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
-#: sssd-ldap.5.xml:2631
+#: sssd-ldap.5.xml:2667
msgid "<note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
-#: sssd-ldap.5.xml:2633
+#: sssd-ldap.5.xml:2669
msgid ""
-"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches "
+"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
"against Active Directory will not be restricted and return all groups "
"memberships, even with no GID mapping. It is recommended to disable this "
"feature, if group names are not being displayed correctly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
-#: sssd-ldap.5.xml:2640
+#: sssd-ldap.5.xml:2676
msgid "</note>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2642
+#: sssd-ldap.5.xml:2678
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2647
+#: sssd-ldap.5.xml:2683
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2611
+#: sssd-ldap.5.xml:2647
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -6382,8 +6635,15 @@ msgid ""
"\"variablelist\" id=\"1\"/>"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717
+#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
+#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
+msgid "EXAMPLE"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2664
+#: sssd-ldap.5.xml:2700
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -6391,7 +6651,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2670
+#: sssd-ldap.5.xml:2706
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6404,26 +6664,27 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><para>
-#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139
-#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
-#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105
+#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139
+#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
+#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
+#: include/ldap_id_mapping.xml:105
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2681
+#: sssd-ldap.5.xml:2717
msgid "LDAP ACCESS FILTER EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2683
+#: sssd-ldap.5.xml:2719
msgid ""
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2688
+#: sssd-ldap.5.xml:2724
#, no-wrap
msgid ""
"[domain/LDAP]\n"
@@ -6439,13 +6700,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
+#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
#: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2705
+#: sssd-ldap.5.xml:2741
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -6946,9 +7207,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sss-certmap.5.xml:45
msgid ""
-"The rules are process by priority while the number '0' (zero) indicates the "
-"highest priority. The higher the number the lower is the priority. A missing "
-"value indicates the lowest priority."
+"The rules are processed by priority while the number '0' (zero) indicates "
+"the highest priority. The higher the number the lower is the priority. A "
+"missing value indicates the lowest priority."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
@@ -7032,7 +7293,7 @@ msgstr ""
#: sss-certmap.5.xml:112
msgid ""
"This option can be used to specify which key usage values the certificate "
-"should have. The following value can be used in a comma separate list:"
+"should have. The following values can be used in a comma separated list:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
@@ -7409,7 +7670,7 @@ msgid ""
"exception is the proxy provider which is not of relevance here). Because of "
"this the mapping rule is based on LDAP search filter syntax with templates "
"to add certificate content to the filter. It is expected that the filter "
-"will only contain the specific data needed for the mapping an that the "
+"will only contain the specific data needed for the mapping and that the "
"caller will embed it in another filter to do the actual search. Because of "
"this the filter string should start and stop with '(' and ')' respectively."
msgstr ""
@@ -7429,8 +7690,8 @@ msgid ""
"This should be preferred to read user specific data from the certificate "
"like e.g. an email address and search for it in the LDAP server. The reason "
"is that the user specific data in LDAP might change for various reasons "
-"would would break the mapping. On the other hand it would be hard to break "
-"the mapping on purpose for a specific user."
+"would break the mapping. On the other hand it would be hard to break the "
+"mapping on purpose for a specific user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7524,7 +7785,7 @@ msgstr ""
msgid ""
"This template will add the Kerberos principal which is taken either from the "
"SAN used by pkinit or the one used by AD. The 'short_name' component "
-"represent the first part of the principal before the '@' sign."
+"represents the first part of the principal before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7542,8 +7803,8 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:459
msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by pkinit. The 'short_name' component represent the first part of the "
+"This template will add the Kerberos principal which is given by the SAN used "
+"by pkinit. The 'short_name' component represents the first part of the "
"principal before the '@' sign."
msgstr ""
@@ -7562,9 +7823,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sss-certmap.5.xml:473
msgid ""
-"This template will add the Kerberos principal which is given by then SAN "
-"used by AD. The 'short_name' component represent the first part of the "
-"principal before the '@' sign."
+"This template will add the Kerberos principal which is given by the SAN used "
+"by AD. The 'short_name' component represent the first part of the principal "
+"before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
@@ -7577,7 +7838,7 @@ msgstr ""
msgid ""
"This template will add the string which is stored in the rfc822Name "
"component of the SAN, typically an email address. The 'short_name' component "
-"represent the first part of the address before the '@' sign."
+"represents the first part of the address before the '@' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7597,7 +7858,7 @@ msgstr ""
msgid ""
"This template will add the string which is stored in the dNSName component "
"of the SAN, typically a fully-qualified host name. The 'short_name' "
-"component represent the first part of the name before the first '.' sign."
+"component represents the first part of the name before the first '.' sign."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
@@ -7713,7 +7974,7 @@ msgstr ""
#: sss-certmap.5.xml:367
msgid ""
"The templates to add certificate data to the search filter are based on "
-"Python-style formatting strings. They consists of a keyword in curly braces "
+"Python-style formatting strings. They consist of a keyword in curly braces "
"with an optional sub-component specifier separated by a '.' or an optional "
"conversion/formatting option separated by a '!'. Allowed values are: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
@@ -7833,16 +8094,17 @@ msgstr ""
#: sssd-ipa.5.xml:113
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
-"fully qualified name used in the IPA domain to identify this host."
+"fully qualified name used in the IPA domain to identify this host. The "
+"hostname must be fully qualified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843
+#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843
msgid "dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:125
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA with the IP address of this client. The update is secured "
@@ -7852,14 +8114,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857
+#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857
msgid ""
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"the default Kerberos realm must be set properly in /etc/krb5.conf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:139
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
@@ -7867,12 +8129,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868
+#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868
msgid "dyndns_ttl (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871
+#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871
msgid ""
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
@@ -7880,7 +8142,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:159
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
@@ -7888,17 +8150,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:164
+#: sssd-ipa.5.xml:165
msgid "Default: 1200 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882
+#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882
msgid "dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885
+#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885
msgid ""
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
@@ -7907,7 +8169,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:180
+#: sssd-ipa.5.xml:181
msgid ""
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
@@ -7915,24 +8177,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:186
+#: sssd-ipa.5.xml:187
msgid ""
"Default: Use the IP addresses of the interface which is used for IPA LDAP "
"connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896
+#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947
+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947
msgid "dyndns_auth (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950
+#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950
msgid ""
"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
"updates with the DNS server, insecure updates can be sent by setting this "
@@ -7940,22 +8202,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956
+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956
msgid "Default: GSS-TSIG"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:212
msgid "ipa_enable_dns_sites (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197
+#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197
msgid "Enables DNS sites - location based service discovery."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:218
+#: sssd-ipa.5.xml:219
msgid ""
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
@@ -7967,12 +8229,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902
+#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902
msgid "dyndns_refresh_interval (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:240
+#: sssd-ipa.5.xml:241
msgid ""
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
@@ -7980,234 +8242,276 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920
+#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920
msgid "dyndns_update_ptr (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923
+#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923
msgid ""
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:261
+#: sssd-ipa.5.xml:262
msgid ""
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:268
msgid "Default: False (disabled)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934
+#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934
msgid "dyndns_force_tcp (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937
+#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937
msgid ""
"Whether the nsupdate utility should default to using TCP for communicating "
"with the DNS server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941
+#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941
msgid "Default: False (let nsupdate choose the protocol)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962
+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962
msgid "dyndns_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965
+#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965
msgid ""
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970
+#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970
msgid ""
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975
+#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975
msgid ""
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980
+#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980
msgid "Default: None (let nsupdate choose the server)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:310
-msgid "ipa_hbac_search_base (string)"
+#: sssd-ipa.5.xml:311
+msgid "ipa_deskprofile_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
-msgid "Optional. Use the given string as search base for HBAC related objects."
+#: sssd-ipa.5.xml:314
+msgid ""
+"Optional. Use the given string as search base for Desktop Profile related "
+"objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:317
+#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:323
+#: sssd-ipa.5.xml:324
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:327
+msgid "Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:337
msgid "ipa_host_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:326
+#: sssd-ipa.5.xml:340
msgid "Optional. Use the given string as search base for host objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387
-#: sssd-ipa.5.xml:406
+#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401
+#: sssd-ipa.5.xml:420
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <listitem><para>
-#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27
+#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:342
+#: sssd-ipa.5.xml:356
msgid "ipa_selinux_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:345
+#: sssd-ipa.5.xml:359
msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:361
+#: sssd-ipa.5.xml:375
msgid "ipa_subdomains_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:364
+#: sssd-ipa.5.xml:378
msgid "Optional. Use the given string as search base for trusted domains."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:373
+#: sssd-ipa.5.xml:387
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:380
+#: sssd-ipa.5.xml:394
msgid "ipa_master_domain_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:383
+#: sssd-ipa.5.xml:397
msgid "Optional. Use the given string as search base for master domain object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:406
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:399
+#: sssd-ipa.5.xml:413
msgid "ipa_views_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:402
+#: sssd-ipa.5.xml:416
msgid "Optional. Use the given string as search base for views containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:411
+#: sssd-ipa.5.xml:425
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:421
+#: sssd-ipa.5.xml:435
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:425
+#: sssd-ipa.5.xml:439
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989
+#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989
msgid "krb5_confd_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992
+#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992
msgid ""
"Absolute path of a directory where SSSD should place Kerberos configuration "
"snippets."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996
+#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996
msgid ""
"To disable the creation of the configuration snippets set the parameter to "
"'none'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000
+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000
msgid ""
"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
-msgid "ipa_hbac_refresh (integer)"
+#: sssd-ipa.5.xml:465
+msgid "ipa_deskprofile_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:468
msgid ""
-"The amount of time between lookups of the HBAC rules against the IPA server. "
-"This will reduce the latency and load on the IPA server if there are many "
-"access-control requests made in a short period."
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server. This will reduce the latency and load on the IPA server if there "
+"are many desktop profiles requests made in a short period."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408
+#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:481
+msgid "ipa_deskprofile_request_interval (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:484
+msgid ""
+"The amount of time between lookups of the Desktop Profile rules against the "
+"IPA server in case the last request did not return any rule."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:489
+msgid "Default: 60 (minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:495
+msgid "ipa_hbac_refresh (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:498
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server. "
+"This will reduce the latency and load on the IPA server if there are many "
+"access-control requests made in a short period."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:511
msgid "ipa_hbac_selinux (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:470
+#: sssd-ipa.5.xml:514
msgid ""
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -8215,192 +8519,192 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:527
msgid "ipa_server_mode (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:486
+#: sssd-ipa.5.xml:530
msgid ""
"This option will be set by the IPA installer (ipa-server-install) "
"automatically and denotes if SSSD is running on an IPA server or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:535
msgid ""
"On an IPA server SSSD will lookup users and groups from trusted domains "
"directly while on a client it will ask an IPA server."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:502
+#: sssd-ipa.5.xml:546
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:505
+#: sssd-ipa.5.xml:549
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:508
+#: sssd-ipa.5.xml:552
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd-ipa.5.xml:516
+#: sssd-ipa.5.xml:560
msgid "VIEWS AND OVERRIDES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:525
+#: sssd-ipa.5.xml:569
msgid "ipa_view_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:528
+#: sssd-ipa.5.xml:572
msgid "Objectclass of the view container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:575
msgid "Default: nsContainer"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:537
+#: sssd-ipa.5.xml:581
msgid "ipa_view_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:540
+#: sssd-ipa.5.xml:584
msgid "Name of the attribute holding the name of the view."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:550
+#: sssd-ipa.5.xml:594
msgid "ipa_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:597
msgid "Objectclass of the override objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:556
+#: sssd-ipa.5.xml:600
msgid "Default: ipaOverrideAnchor"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:562
+#: sssd-ipa.5.xml:606
msgid "ipa_anchor_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:565
+#: sssd-ipa.5.xml:609
msgid ""
"Name of the attribute containing the reference to the original object in a "
"remote domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:569
+#: sssd-ipa.5.xml:613
msgid "Default: ipaAnchorUUID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:575
+#: sssd-ipa.5.xml:619
msgid "ipa_user_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:578
+#: sssd-ipa.5.xml:622
msgid ""
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:583
+#: sssd-ipa.5.xml:627
msgid "User overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:586
+#: sssd-ipa.5.xml:630
msgid "ldap_user_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:589
+#: sssd-ipa.5.xml:633
msgid "ldap_user_uid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:592
+#: sssd-ipa.5.xml:636
msgid "ldap_user_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:595
+#: sssd-ipa.5.xml:639
msgid "ldap_user_gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:598
+#: sssd-ipa.5.xml:642
msgid "ldap_user_home_directory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:601
+#: sssd-ipa.5.xml:645
msgid "ldap_user_shell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:604
+#: sssd-ipa.5.xml:648
msgid "ldap_user_ssh_public_key"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:609
+#: sssd-ipa.5.xml:653
msgid "Default: ipaUserOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:615
+#: sssd-ipa.5.xml:659
msgid "ipa_group_override_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:618
+#: sssd-ipa.5.xml:662
msgid ""
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:623
+#: sssd-ipa.5.xml:667
msgid "Group overrides can contain attributes given by"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:626
+#: sssd-ipa.5.xml:670
msgid "ldap_group_name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
-#: sssd-ipa.5.xml:629
+#: sssd-ipa.5.xml:673
msgid "ldap_group_gid_number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:634
+#: sssd-ipa.5.xml:678
msgid "Default: ipaGroupOverride"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd-ipa.5.xml:518
+#: sssd-ipa.5.xml:562
msgid ""
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
@@ -8410,19 +8714,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ipa.5.xml:646
+#: sssd-ipa.5.xml:690
msgid "SUBDOMAINS PROVIDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:648
+#: sssd-ipa.5.xml:692
msgid ""
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:652
+#: sssd-ipa.5.xml:696
msgid ""
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
@@ -8430,7 +8734,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:658
+#: sssd-ipa.5.xml:702
msgid ""
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
@@ -8442,7 +8746,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:675
+#: sssd-ipa.5.xml:719
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -8450,7 +8754,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:682
+#: sssd-ipa.5.xml:726
#, no-wrap
msgid ""
"[domain/example.com]\n"
@@ -9338,10 +9642,10 @@ msgstr ""
#: sssd-ad.5.xml:828
msgid ""
"This option should only be used to test the machine account renewal task. "
-"The option expect 2 integers seperated by a colon (':'). The first integer "
+"The option expects 2 integers separated by a colon (':'). The first integer "
"defines the interval in seconds how often the task is run. The second "
-"specifies the inital timeout in seconds before the task is run for the first "
-"time after startup."
+"specifies the initial timeout in seconds before the task is run for the "
+"first time after startup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -9445,8 +9749,8 @@ msgid ""
"are included in the default Active Directory schema."
msgstr ""
-#. type: Content of: <reference><refentry><refnamediv><refname>
-#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16
+#. type: Content of: <reference><refentry><refmeta><refentrytitle>
+#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
msgid "sssd-sudo"
msgstr ""
@@ -9769,12 +10073,12 @@ msgid "Run in the foreground, don't become a daemon."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:117 sss_debuglevel.8.xml:42
+#: sssd.8.xml:117
msgid "<option>-c</option>,<option>--config</option>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:121 sss_debuglevel.8.xml:46
+#: sssd.8.xml:121
msgid ""
"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
"conf</filename>. For reference on the config file syntax and options, "
@@ -10200,10 +10504,8 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: sss_override.8.xml:261 sssctl.8.xml:50
-#, fuzzy
-#| msgid "OPTIONS"
msgid "COMMON OPTIONS"
-msgstr "OPÇÕES"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_override.8.xml:263 sssctl.8.xml:52
@@ -11446,7 +11748,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: sss_debuglevel.8.xml:16
-msgid "change debug level while SSSD is running"
+msgid "[DEPRECATED] change debug level while SSSD is running"
msgstr ""
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
@@ -11460,14 +11762,9 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sss_debuglevel.8.xml:32
msgid ""
-"<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
-"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
-"running."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sss_debuglevel.8.xml:59
-msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
+"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
+"debug-level command. Please refer to the <command>sssctl</command> man page "
+"for more information on sssctl usage."
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
@@ -11864,7 +12161,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><title>
-#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2
+#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
msgid "SEE ALSO"
msgstr ""
@@ -12037,7 +12334,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#: idmap_sss.8.xml:16
-msgid "SSSSD's idmap_sss Backend for Winbind"
+msgid "SSSD's idmap_sss Backend for Winbind"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
@@ -12049,10 +12346,8 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
#: idmap_sss.8.xml:29
-#, fuzzy
-#| msgid "OPTIONS"
msgid "IDMAP OPTIONS"
-msgstr "OPÇÕES"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: idmap_sss.8.xml:33
@@ -12066,11 +12361,6 @@ msgid ""
"authoritative."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><title>
-#: idmap_sss.8.xml:43
-msgid "EXAMPLES"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para>
#: idmap_sss.8.xml:45
msgid ""
@@ -12236,20 +12526,53 @@ msgid ""
"nested."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:69
+msgid "secrets"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:70
+msgid "secrets for general usage"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:73
+msgid "kcm"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:75
+msgid ""
+"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:61
+msgid ""
+"Since the secrets responder can be used both externally to store general "
+"secrets, as described in the rest of this man page, but also internally by "
+"other SSSD components to store their secret material, some configuration "
+"options, like quotas can be configured per <quote>hive</quote> in a "
+"configuration subsection named after the hive. The currently supported hives "
+"are: <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:63
+#: sssd-secrets.5.xml:89
msgid "USING THE SECRETS RESPONDER"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:65
+#: sssd-secrets.5.xml:91
msgid ""
"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
"run/secrets.socket</filename>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132
+#: sssd-secrets.5.xml:110
#, no-wrap
msgid ""
"systemctl start sssd-secrets.socket\n"
@@ -12259,7 +12582,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:69
+#: sssd-secrets.5.xml:95
msgid ""
"The secrets responder is socket-activated by <citerefentry> "
"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
@@ -12274,7 +12597,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:96
+#: sssd-secrets.5.xml:122
msgid ""
"The generic SSSD responder options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
@@ -12283,18 +12606,27 @@ msgid ""
"there are some secrets-specific options as well."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:132
+msgid ""
+"The secrets responder is configured with a global <quote>[secrets]</quote> "
+"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
+"in <filename>sssd.conf</filename>. Please note that some options, notably as "
+"the provider type, can only be specified in the per-user subsections."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:107
+#: sssd-secrets.5.xml:141
msgid "provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:120
+#: sssd-secrets.5.xml:157
msgid "local"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:123
+#: sssd-secrets.5.xml:160
msgid ""
"The secrets are stored in a local database, encrypted at rest with a master "
"key. The local provider does not have any additional config options at the "
@@ -12302,141 +12634,190 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:131
+#: sssd-secrets.5.xml:168
msgid "proxy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:134
+#: sssd-secrets.5.xml:171
msgid ""
"The secrets responder forwards the requests to a Custodia server. The proxy "
"provider supports several additional options (see below)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:110
+#: sssd-secrets.5.xml:144
msgid ""
"This option specifies where should the secrets be stored. The secrets "
-"responder can configure a per-user subsections that define which provider "
-"store the secrets for this particular user. The per-user subsections should "
-"contain all options for that user's provider. If a per-user section does not "
-"exist, the global settings from the secret responder's section are used. "
-"The following providers are supported: <placeholder type=\"variablelist\" id="
-"\"0\"/>"
+"responder can configure a per-user subsections (e.g. <quote>[secrets/"
+"users/123]</quote> - see bottom of this manual page for a full example using "
+"Custodia for a particular user) that define which provider store the secrets "
+"for this particular user. The per-user subsections should contain all "
+"options for that user's provider. Please note that currently the global "
+"provider is always local, the proxy provider can only be specified in a per-"
+"user section. The following providers are supported: <placeholder type="
+"\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:143
+#: sssd-secrets.5.xml:180
msgid "Default: local"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:186
+msgid ""
+"The following options affect only the secrets <quote>hive</quote> and "
+"therefore should be set in a per-hive subsection. Setting the option to 0 "
+"means \"unlimited\"."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:148
+#: sssd-secrets.5.xml:192
msgid "containers_nest_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:151
+#: sssd-secrets.5.xml:195
msgid "This option specifies the maximum allowed number of nested containers."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:155
+#: sssd-secrets.5.xml:199
msgid "Default: 4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:160
+#: sssd-secrets.5.xml:204
msgid "max_secrets (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:163
-msgid "This option specifies the maximum number of secrets that can be stored."
+#: sssd-secrets.5.xml:207
+msgid ""
+"This option specifies the maximum number of secrets that can be stored in "
+"the hive."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:167
-msgid "Default: 1024"
+#: sssd-secrets.5.xml:211
+msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:172
+#: sssd-secrets.5.xml:216
+msgid "max_uid_secrets (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:219
+msgid ""
+"This option specifies the maximum number of secrets that can be stored per-"
+"UID in the hive."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-secrets.5.xml:223
+msgid "Default: 256 (secrets hive), 64 (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-secrets.5.xml:228
msgid "max_payload_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:175
+#: sssd-secrets.5.xml:231
msgid ""
"This option specifies the maximum payload size allowed for a secret payload "
"in kilobytes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:179
-msgid "Default: 16"
+#: sssd-secrets.5.xml:235
+msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-secrets.5.xml:244
+#, no-wrap
+msgid ""
+"[secrets/secrets]\n"
+"max_payload_size = 128\n"
+"\n"
+"[secrets/kcm]\n"
+"max_payload_size = 256\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-secrets.5.xml:241
+msgid ""
+"For example, to adjust quotas differently for both the <quote>secrets</"
+"quote> and the <quote>kcm</quote> hives, configure the following: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:185
+#: sssd-secrets.5.xml:252
msgid ""
"The following options are only applicable for configurations that use the "
"<quote>proxy</quote> provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:190
+#: sssd-secrets.5.xml:257
msgid "proxy_url (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:193
+#: sssd-secrets.5.xml:260
msgid ""
"The URL the Custodia server is listening on. At the moment, http and https "
"protocols are supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:200
+#: sssd-secrets.5.xml:267
msgid "http[s]://&lt;host&gt;[:port]"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:203
+#: sssd-secrets.5.xml:270
msgid "Example: http://localhost:8080"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:208
+#: sssd-secrets.5.xml:275
msgid "auth_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:211
+#: sssd-secrets.5.xml:278
msgid ""
"The method to use when authenticating to a Custodia server. The following "
"authentication methods are supported:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:216
+#: sssd-secrets.5.xml:283
msgid "basic_auth"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:219
+#: sssd-secrets.5.xml:286
msgid ""
"Authenticate with a username and a password as set in the <quote>username</"
"quote> and <quote>password</quote> options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:226
+#: sssd-secrets.5.xml:293
msgid "header"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:229
+#: sssd-secrets.5.xml:296
msgid ""
"Authenticate with HTTP header value as defined in the "
"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
@@ -12444,12 +12825,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:240
+#: sssd-secrets.5.xml:307
msgid "auth_header_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:243
+#: sssd-secrets.5.xml:310
msgid ""
"If set, the secrets responder would put a header with this name into the "
"HTTP request with the value defined in the <quote>auth_header_value</quote> "
@@ -12457,81 +12838,81 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:248
+#: sssd-secrets.5.xml:315
msgid "Example: MYSECRETNAME"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:253
+#: sssd-secrets.5.xml:320
msgid "auth_header_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:256
+#: sssd-secrets.5.xml:323
msgid ""
"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:260
+#: sssd-secrets.5.xml:327
msgid "Example: mysecret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:265
+#: sssd-secrets.5.xml:332
msgid "forward_headers (list of strings)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:268
+#: sssd-secrets.5.xml:335
msgid ""
"The list of HTTP headers to forward to the Custodia server together with the "
"request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:277
+#: sssd-secrets.5.xml:344
msgid "verify_peer (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:280
+#: sssd-secrets.5.xml:347
msgid ""
"Whether peer's certificate should be verified and valid if HTTPS protocol is "
"used with the proxy provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:289
+#: sssd-secrets.5.xml:356
msgid "verify_host (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:292
+#: sssd-secrets.5.xml:359
msgid ""
"Whether peer's hostname must match with hostname in its certificate if HTTPS "
"protocol is used with the proxy provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:302
+#: sssd-secrets.5.xml:369
msgid "capath (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:305
+#: sssd-secrets.5.xml:372
msgid ""
"Path to directory containing stored certificate authority certificates. "
"System default path is used if this option is not set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:315
+#: sssd-secrets.5.xml:382
msgid "cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:318
+#: sssd-secrets.5.xml:385
msgid ""
"Path to file containing server's certificate authority certificate. If this "
"option is not set then the CA's certificate is looked up in <quote>capath</"
@@ -12539,12 +12920,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:328
+#: sssd-secrets.5.xml:395
msgid "cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:331
+#: sssd-secrets.5.xml:398
msgid ""
"Path to file containing client's certificate if required by the server. This "
"file may also contain private key or the private key may be in separate file "
@@ -12552,22 +12933,22 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:342
+#: sssd-secrets.5.xml:409
msgid "key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:345
+#: sssd-secrets.5.xml:412
msgid "Path to file containing client's private key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:355
+#: sssd-secrets.5.xml:422
msgid "USING THE REST API"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:357
+#: sssd-secrets.5.xml:424
msgid ""
"This section lists the available commands and includes examples using the "
"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
@@ -12582,19 +12963,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:374
+#: sssd-secrets.5.xml:441
msgid "Listing secrets"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:377
+#: sssd-secrets.5.xml:444
msgid ""
"To list the available secrets, send a HTTP GET request with a trailing slash "
"appended to the container path."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:383
+#: sssd-secrets.5.xml:450
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
@@ -12604,19 +12985,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:391
+#: sssd-secrets.5.xml:458
msgid "Retrieving a secret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:394
+#: sssd-secrets.5.xml:461
msgid ""
"To read a value of a single secret, send a HTTP GET request without a "
"trailing slash. The last portion of the URI is the name of the secret."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:401
+#: sssd-secrets.5.xml:468
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
@@ -12626,7 +13007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:406
+#: sssd-secrets.5.xml:473
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12636,19 +13017,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:399
+#: sssd-secrets.5.xml:466
msgid ""
"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
"\"programlisting\" id=\"1\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:414
+#: sssd-secrets.5.xml:481
msgid "Setting a secret"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:417
+#: sssd-secrets.5.xml:484
msgid ""
"To set a secret using the <quote>application/json</quote> type, send a HTTP "
"PUT request with a JSON payload that includes type and value. The type "
@@ -12657,14 +13038,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:425
+#: sssd-secrets.5.xml:492
msgid ""
"The <quote>application/json</quote> type just sends the secret as the "
"message payload."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:434
+#: sssd-secrets.5.xml:501
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
@@ -12675,7 +13056,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:440
+#: sssd-secrets.5.xml:507
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/octet-stream\" \\\n"
@@ -12686,7 +13067,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:429
+#: sssd-secrets.5.xml:496
msgid ""
"The following example sets a secret named 'foo' to a value of 'foosecret' "
"and a secret named 'bar' to a value of 'barsecret' using a different Content "
@@ -12695,12 +13076,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:449
+#: sssd-secrets.5.xml:516
msgid "Creating a container"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:452
+#: sssd-secrets.5.xml:519
msgid ""
"Containers provide an additional namespace for this user's secrets. To "
"create a container, send a HTTP POST request, whose URI ends with the "
@@ -12708,7 +13089,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:462
+#: sssd-secrets.5.xml:529
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
@@ -12718,14 +13099,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:459
+#: sssd-secrets.5.xml:526
msgid ""
"The following example creates a container named 'mycontainer': <placeholder "
"type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:471
+#: sssd-secrets.5.xml:538
#, no-wrap
msgid ""
"http://localhost/secrets/mycontainer/mysecret\n"
@@ -12733,26 +13114,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:468
+#: sssd-secrets.5.xml:535
msgid ""
"To manipulate secrets under this container, just nest the secrets underneath "
"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-secrets.5.xml:477
+#: sssd-secrets.5.xml:544
msgid "Deleting a secret or a container"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:480
+#: sssd-secrets.5.xml:547
msgid ""
"To delete a secret or a container, send a HTTP DELETE request with a path to "
"the secret or the container."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
-#: sssd-secrets.5.xml:486
+#: sssd-secrets.5.xml:553
#, no-wrap
msgid ""
"curl -H \"Content-Type: application/json\" \\\n"
@@ -12762,19 +13143,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-secrets.5.xml:484
+#: sssd-secrets.5.xml:551
msgid ""
"The following example deletes a secret named 'foo'. <placeholder type="
"\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-secrets.5.xml:496
+#: sssd-secrets.5.xml:563
msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:498
+#: sssd-secrets.5.xml:565
msgid ""
"For testing the proxy provider, you need to set up a Custodia server to "
"proxy requests to. Please always consult the Custodia documentation, the "
@@ -12782,7 +13163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-secrets.5.xml:509
+#: sssd-secrets.5.xml:576
#, no-wrap
msgid ""
"[global]\n"
@@ -12812,7 +13193,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:503
+#: sssd-secrets.5.xml:570
msgid ""
"This configuration will set up a Custodia server listening on http://"
"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
@@ -12822,14 +13203,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:535
+#: sssd-secrets.5.xml:602
msgid ""
"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
"config file as a command line argument."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-secrets.5.xml:539
+#: sssd-secrets.5.xml:606
msgid ""
"Please note that currently it's not possible to proxy all requests globally "
"to a Custodia instance. Instead, per-user subsections for user IDs that "
@@ -12840,7 +13221,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><programlisting>
-#: sssd-secrets.5.xml:547
+#: sssd-secrets.5.xml:614
#, no-wrap
msgid ""
"[secrets]\n"
@@ -12855,6 +13236,71 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-session-recording.5.xml:16
+msgid "sssd-session-recording"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-session-recording.5.xml:17
+msgid "Configuring session recording with SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:23
+msgid ""
+"This manual page describes how to configure <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
+"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
+"implement user session recording on text terminals. For a detailed "
+"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
+"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:41
+msgid ""
+"SSSD can be set up to enable recording of everything specific users see or "
+"type during their sessions on text terminals. E.g. when users log in on the "
+"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
+"tlog-rec-session is started upon user login, so it can record according to "
+"its configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:48
+msgid ""
+"For users with session recording enabled, SSSD replaces the user shell with "
+"tlog-rec-session in NSS responses, and adds a variable specifying the "
+"original shell to the user environment, upon PAM session setup. This way "
+"tlog-rec-session can be started in place of the user shell, and know which "
+"actual shell to start, once it set up the recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:60
+msgid "These options can be used to configure the session recording."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-session-recording.5.xml:146
+msgid ""
+"The following snippet of sssd.conf enables session recording for users "
+"\"contractor1\" and \"contractor2\", and group \"students\"."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-session-recording.5.xml:151
+#, no-wrap
+msgid ""
+"[session_recording]\n"
+"scope = some\n"
+"users = contractor1, contractor2\n"
+"groups = students\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
#: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16
msgid "sssd-kcm"
msgstr ""
@@ -12971,7 +13417,6 @@ msgstr ""
msgid ""
"systemctl start sssd-kcm.socket\n"
"systemctl enable sssd-kcm.socket\n"
-"systemctl enable sssd-kcm.service\n"
" "
msgstr ""
@@ -12988,12 +13433,21 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-kcm.8.xml:123
+#: sssd-kcm.8.xml:122
msgid "THE CREDENTIAL CACHE STORAGE"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-kcm.8.xml:131
+#, no-wrap
+msgid ""
+"systemctl start sssd-secrets.socket\n"
+"systemctl enable sssd-secrets.socket\n"
+" "
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:125
+#: sssd-kcm.8.xml:124
msgid ""
"The credential caches are stored in the SSSD secrets service (see "
"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
@@ -13004,7 +13458,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:143
+#: sssd-kcm.8.xml:141
msgid ""
"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
"conf file. Please note that currently, is it not sufficient to restart the "
@@ -13017,7 +13471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:157
+#: sssd-kcm.8.xml:155
msgid ""
"The generic SSSD service options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
@@ -13027,28 +13481,408 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd-kcm.8.xml:168
+#: sssd-kcm.8.xml:166
msgid "socket_path (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:171
+#: sssd-kcm.8.xml:169
msgid "The socket the KCM service will listen on."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd-kcm.8.xml:174
+#: sssd-kcm.8.xml:172
msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-kcm.8.xml:184
+#: sssd-kcm.8.xml:182
msgid ""
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
msgstr ""
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
+msgid "sssd-systemtap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-systemtap.5.xml:17
+msgid "SSSD systemtap information"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:23
+msgid ""
+"This manual page provides information about the systemtap functionality in "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-systemtap.5.xml:32
+msgid ""
+"SystemTap Probe points have been added into various locations in SSSD code "
+"to assist in troubleshooting and analyzing performance related issues."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:40
+msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-systemtap.5.xml:46
+msgid ""
+"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
+"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
+"respectively."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-systemtap.5.xml:57
+msgid "PROBE POINTS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
+msgid ""
+"The information below lists the probe points and arguments available in the "
+"following format:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:64
+msgid "probe $name"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:67
+msgid "Description of probe point"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:70
+#, no-wrap
+msgid ""
+"variable1:datatype\n"
+"variable2:datatype\n"
+"variable3:datatype\n"
+"...\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:80
+msgid "Database Transaction Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:84
+msgid "probe sssd_transaction_start"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:87
+msgid ""
+"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
+#: sssd-systemtap.5.xml:131
+#, no-wrap
+msgid ""
+"nesting:integer\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:97
+msgid "probe sssd_transaction_cancel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:100
+msgid ""
+"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
+"function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:111
+msgid "probe sssd_transaction_commit_before"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:114
+msgid "Probes the sysdb_transaction_commit_before() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:124
+msgid "probe sssd_transaction_commit_after"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:127
+msgid "Probes the sysdb_transaction_commit_after() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:141
+msgid "LDAP Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:145
+msgid "probe sdap_search_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:148
+msgid "Probes the sdap_get_generic_ext_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
+#, no-wrap
+msgid ""
+"base:string\n"
+"scope:integer\n"
+"filter:string\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:160
+msgid "probe sdap_search_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:163
+msgid "Probes the sdap_get_generic_ext_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:175
+msgid "probe sdap_deref_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:178
+msgid "Probes the sdap_deref_search_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:182
+#, no-wrap
+msgid ""
+"base_dn:string\n"
+"deref_attr:string\n"
+"probestr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:189
+msgid "probe sdap_deref_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:192
+msgid "Probes the sdap_deref_search_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:208
+msgid "LDAP Account Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:212
+msgid "probe sdap_acct_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:215
+msgid "Probes the sdap_acct_req_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
+#, no-wrap
+msgid ""
+"entry_type:int\n"
+"filter_type:int\n"
+"filter_value:string\n"
+"extra_value:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:227
+msgid "probe sdap_acct_req_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:230
+msgid "Probes the sdap_acct_req_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:246
+msgid "LDAP User Search Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:250
+msgid "probe sdap_search_user_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:253
+msgid "Probes the sdap_search_user_send() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
+#: sssd-systemtap.5.xml:293
+#, no-wrap
+msgid ""
+"filter:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:262
+msgid "probe sdap_search_user_recv"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:265
+msgid "Probes the sdap_search_user_recv() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:274
+msgid "probe sdap_search_user_save_begin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:277
+msgid "Probes the sdap_search_user_save_begin() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:286
+msgid "probe sdap_search_user_save_end"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:289
+msgid "Probes the sdap_search_user_save_end() function."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:302
+msgid "Data Provider Request Probes"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:306
+msgid "probe dp_req_send"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:309
+msgid "A Data Provider request is submitted."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:312
+#, no-wrap
+msgid ""
+"dp_req_domain:string\n"
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:320
+msgid "probe dp_req_done"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:323
+msgid "A Data Provider request is completed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-systemtap.5.xml:326
+#, no-wrap
+msgid ""
+"dp_req_name:string\n"
+"dp_req_target:int\n"
+"dp_req_method:int\n"
+"dp_ret:int\n"
+"dp_errorstr:string\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd-systemtap.5.xml:339
+msgid "MISCELLANEOUS FUNCTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:346
+msgid "function acct_req_desc(entry_type)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:349
+msgid "Convert entry_type to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:354
+msgid ""
+"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
+"filter_value, extra_value)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:358
+msgid "Create probe string based on filter type"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:363
+msgid "function dp_target_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:366
+msgid "Convert target to string and return string"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd-systemtap.5.xml:371
+msgid "function dp_method_str(target)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd-systemtap.5.xml:374
+msgid "Convert method to string and return string"
+msgstr ""
+
#. type: Content of: <refsect1><title>
#: include/service_discovery.xml:2
msgid "SERVICE DISCOVERY"
@@ -13198,6 +14032,67 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:53
+msgid "Failover time outs and tuning"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:55
+msgid ""
+"Resolving a server to connect to can be as simple as running a single DNS "
+"query or can involve several steps, such as finding the correct site or "
+"trying out multiple host names in case some of the configured servers are "
+"not reachable. The more complex scenarios can take some time and SSSD needs "
+"to balance between providing enough time to finish the resolution process "
+"but on the other hand, not trying for too long before falling back to "
+"offline mode. If the SSSD debug logs show that the server resolution is "
+"timing out before a live server is contacted, you can consider changing the "
+"time outs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:76
+msgid "dns_resolver_op_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:80
+msgid "How long would SSSD talk to a single DNS server."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
+#: include/failover.xml:86
+msgid "dns_resolver_timeout"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: include/failover.xml:90
+msgid ""
+"How long would SSSD try to resolve a failover service. This service "
+"resolution internally might include several steps, such as resolving DNS SRV "
+"queries or locating the site."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:67
+msgid ""
+"This section lists the available tunables. Please refer to their description "
+"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:100
+msgid ""
+"For LDAP-based providers, the resolve operation is performed as part of an "
+"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
+"quote> timeout should be set to a larger value than "
+"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
+"value than <quote>dns_resolver_op_timeout</quote>."
+msgstr ""
+
#. type: Content of: <refsect1><title>
#: include/ldap_id_mapping.xml:2
msgid "ID MAPPING"
@@ -13777,34 +14672,37 @@ msgid ""
"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</"
-"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
+"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
+"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
+"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</"
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</"
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</"
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-"citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-"manvolnum> </citerefentry>, <citerefentry> "
+"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
+"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
+"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
+"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
-"citerefentry>"
+"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
+"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> </phrase>"
msgstr ""
#. type: Content of: <listitem><para>
@@ -13961,10 +14859,8 @@ msgstr ""
#. type: Content of: <refsect1><title>
#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
-#, fuzzy
-#| msgid "GENERAL OPTIONS"
msgid "MODIFIED DEFAULT OPTIONS"
-msgstr "OPÇÕES GERAIS "
+msgstr ""
#. type: Content of: <refsect1><para>
#: include/ad_modified_defaults.xml:4
@@ -14097,42 +14993,37 @@ msgstr ""
msgid "ldap_user_auth_type = ipaUserAuthType"
msgstr ""
-#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:88
-msgid "ldap_user_certificate = userCertificate;binary"
-msgstr ""
-
#. type: Content of: <refsect1><refsect2><title>
-#: include/ipa_modified_defaults.xml:94
+#: include/ipa_modified_defaults.xml:89
msgid "LDAP Provider - Group options"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:98
+#: include/ipa_modified_defaults.xml:93
msgid "ldap_group_object_class = ipaUserGroup"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:103
+#: include/ipa_modified_defaults.xml:98
msgid "ldap_group_object_class_alt = posixGroup"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:108
+#: include/ipa_modified_defaults.xml:103
msgid "ldap_group_member = member"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:113
+#: include/ipa_modified_defaults.xml:108
msgid "ldap_group_uuid = ipaUniqueID"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:118
+#: include/ipa_modified_defaults.xml:113
msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
msgstr ""
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
-#: include/ipa_modified_defaults.xml:123
+#: include/ipa_modified_defaults.xml:118
msgid "ldap_group_external_member = ipaExternalMember"
msgstr ""
generated by cgit (git 2.34.1) at 2024-05-04 18:59:54 +0000