From 9a839b29816c8906d4a6b074cf76df790cac9209 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 20 Oct 2017 16:37:04 +0200 Subject: Updating the translation for the 1.16.0 release --- src/man/po/fi.po | 3248 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 2051 insertions(+), 1197 deletions(-) (limited to 'src/man/po/fi.po') diff --git a/src/man/po/fi.po b/src/man/po/fi.po index 8d487f49c..74dfb431c 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -1,9 +1,9 @@ # Toni Rantala , 2017. #zanata msgid "" msgstr "" -"Project-Id-Version: sssd-docs 1.12.90\n" +"Project-Id-Version: sssd-docs 1.15.3\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2017-07-25 11:51+0200\n" +"POT-Creation-Date: 2017-10-20 16:15+0200\n" "PO-Revision-Date: 2017-03-24 08:46-0400\n" "Last-Translator: Toni Rantala \n" "Language-Team: Finnish\n" @@ -24,7 +24,8 @@ msgstr "" #: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5 #: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5 #: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5 -#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-kcm.8.xml:5 +#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5 +#: sssd-kcm.8.xml:5 sssd-systemtap.5.xml:5 msgid "SSSD Manual pages" msgstr "SSSD ohjesivut" @@ -66,7 +67,8 @@ msgstr "" #: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31 #: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30 #: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30 -#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-kcm.8.xml:21 +#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21 +#: sssd-kcm.8.xml:21 sssd-systemtap.5.xml:21 msgid "DESCRIPTION" msgstr "KUVAUS" @@ -81,8 +83,8 @@ msgstr "" #: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58 #: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39 #: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39 -#: sss_cache.8.xml:39 sss_debuglevel.8.xml:38 sss_seed.8.xml:42 -#: sss_ssh_authorizedkeys.1.xml:66 sss_ssh_knownhostsproxy.1.xml:62 +#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66 +#: sss_ssh_knownhostsproxy.1.xml:62 msgid "OPTIONS" msgstr "VALINNAT" @@ -124,7 +126,8 @@ msgstr "sssd.conf" #: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11 #: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11 #: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27 -#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 +#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11 +#: sssd-systemtap.5.xml:11 msgid "5" msgstr "5" @@ -132,7 +135,8 @@ msgstr "5" #: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12 #: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12 #: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28 -#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-kcm.8.xml:12 +#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12 +#: sssd-kcm.8.xml:12 sssd-systemtap.5.xml:12 msgid "File Formats and Conventions" msgstr "" @@ -258,10 +262,8 @@ msgstr "debug_level (integer)" #. type: Content of: #: sssd.conf.5.xml:112 -#, fuzzy -#| msgid "debug_level (integer)" msgid "debug (integer)" -msgstr "debug_level (integer)" +msgstr "" #. type: Content of: #: sssd.conf.5.xml:115 @@ -285,11 +287,11 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:813 -#: sssd.conf.5.xml:1422 sssd-ldap.5.xml:1695 sssd-ldap.5.xml:1792 -#: sssd-ldap.5.xml:1854 sssd-ldap.5.xml:2411 sssd-ldap.5.xml:2476 -#: sssd-ldap.5.xml:2494 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862 -#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:284 sssd-secrets.5.xml:297 +#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837 +#: sssd.conf.5.xml:1467 sssd-ldap.5.xml:1722 sssd-ldap.5.xml:1819 +#: sssd-ldap.5.xml:1881 sssd-ldap.5.xml:2447 sssd-ldap.5.xml:2512 +#: sssd-ldap.5.xml:2530 sssd-ad.5.xml:211 sssd-ad.5.xml:325 sssd-ad.5.xml:862 +#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364 msgid "Default: true" msgstr "Oletus:tosi" @@ -306,17 +308,19 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:697 -#: sssd.conf.5.xml:1376 sssd.conf.5.xml:2691 sssd-ldap.5.xml:708 -#: sssd-ldap.5.xml:1569 sssd-ldap.5.xml:1588 sssd-ldap.5.xml:1764 -#: sssd-ldap.5.xml:2181 sssd-ipa.5.xml:144 sssd-ipa.5.xml:231 -#: sssd-ipa.5.xml:496 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 +#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721 +#: sssd.conf.5.xml:1400 sssd.conf.5.xml:2865 sssd-ldap.5.xml:708 +#: sssd-ldap.5.xml:1596 sssd-ldap.5.xml:1615 sssd-ldap.5.xml:1791 +#: sssd-ldap.5.xml:2217 sssd-ipa.5.xml:145 sssd-ipa.5.xml:232 +#: sssd-ipa.5.xml:540 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 #: sssd-krb5.5.xml:471 msgid "Default: false" msgstr "Oletus:epätosi" -#. type: Content of: -#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2219 +#. type: Content of: +#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2255 +#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210 +#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304 msgid "" msgstr "" @@ -339,8 +343,8 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:169 sssd.conf.5.xml:1328 sssd.conf.5.xml:2707 -#: sssd-ldap.5.xml:1440 include/ldap_id_mapping.xml:264 +#: sssd.conf.5.xml:169 sssd.conf.5.xml:1352 sssd.conf.5.xml:2881 +#: sssd-ldap.5.xml:1467 include/ldap_id_mapping.xml:264 msgid "Default: 10" msgstr "" @@ -355,7 +359,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:191 sssd.conf.5.xml:2796 +#: sssd.conf.5.xml:191 sssd.conf.5.xml:2970 msgid "Section parameters" msgstr "" @@ -403,19 +407,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:231 sssd.conf.5.xml:589 +#: sssd.conf.5.xml:231 sssd.conf.5.xml:613 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:234 sssd.conf.5.xml:592 +#: sssd.conf.5.xml:234 sssd.conf.5.xml:616 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:239 sssd.conf.5.xml:597 +#: sssd.conf.5.xml:239 sssd.conf.5.xml:621 msgid "Default: 3" msgstr "" @@ -435,7 +439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:259 sssd.conf.5.xml:2340 +#: sssd.conf.5.xml:259 sssd.conf.5.xml:2508 msgid "re_expression (string)" msgstr "" @@ -455,12 +459,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:276 sssd.conf.5.xml:2391 +#: sssd.conf.5.xml:276 sssd.conf.5.xml:2559 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:279 sssd.conf.5.xml:2394 +#: sssd.conf.5.xml:279 sssd.conf.5.xml:2562 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -468,39 +472,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:290 sssd.conf.5.xml:2405 +#: sssd.conf.5.xml:290 sssd.conf.5.xml:2573 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:291 sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:291 sssd.conf.5.xml:2574 msgid "user name" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:294 sssd.conf.5.xml:2409 +#: sssd.conf.5.xml:294 sssd.conf.5.xml:2577 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:297 sssd.conf.5.xml:2412 +#: sssd.conf.5.xml:297 sssd.conf.5.xml:2580 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:303 sssd.conf.5.xml:2418 +#: sssd.conf.5.xml:303 sssd.conf.5.xml:2586 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:306 sssd.conf.5.xml:2421 +#: sssd.conf.5.xml:306 sssd.conf.5.xml:2589 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:2402 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:2570 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -624,11 +628,11 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:418 sssd.conf.5.xml:1132 sssd-ldap.5.xml:679 -#: sssd-ldap.5.xml:1528 sssd-ldap.5.xml:1540 sssd-ldap.5.xml:1622 +#: sssd.conf.5.xml:418 sssd.conf.5.xml:1156 sssd-ldap.5.xml:679 +#: sssd-ldap.5.xml:1555 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1649 #: sssd-ad.5.xml:667 sssd-ad.5.xml:742 sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 -#: sssd-secrets.5.xml:272 sssd-secrets.5.xml:310 sssd-secrets.5.xml:323 -#: sssd-secrets.5.xml:337 sssd-secrets.5.xml:348 +#: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 +#: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 #: include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216 msgid "Default: not set" msgstr "Oletus: ei asetettu" @@ -799,8 +803,24 @@ msgid "" "be looked up in a random order for each parent domain." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:563 +msgid "" +"Please, note that when this option is set the output format of all commands " +"is always fully-qualified even when using short names for input. In case " +"the administrator wants the output not fully-qualified, the full_name_format " +"option can be used as shown below: <quote>full_name_format=%1$s</quote> " +"However, keep in mind that during login, login applications often " +"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a " +"shortname is returned for a qualified input (while trying to reach a user " +"which exists in multiple domains) might re-route the login attempt into the " +"domain which users shortnames, making this workaround totally not " +"recommended in cases where usernames may overlap between domains." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:563 sssd.conf.5.xml:1340 sssd.conf.5.xml:2757 +#: sssd.conf.5.xml:587 sssd.conf.5.xml:1364 sssd.conf.5.xml:2931 #: sssd-ad.5.xml:148 sssd-ad.5.xml:286 sssd-ad.5.xml:300 msgid "Default: Not set" msgstr "" @@ -817,12 +837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:574 +#: sssd.conf.5.xml:598 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:576 +#: sssd.conf.5.xml:600 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -831,22 +851,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:583 +#: sssd.conf.5.xml:607 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:585 +#: sssd.conf.5.xml:609 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:602 +#: sssd.conf.5.xml:626 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:605 +#: sssd.conf.5.xml:629 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -856,17 +876,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:638 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:619 +#: sssd.conf.5.xml:643 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:622 +#: sssd.conf.5.xml:646 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -876,18 +896,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:631 sssd.conf.5.xml:663 sssd.conf.5.xml:944 -#: sssd.conf.5.xml:1198 sssd-ldap.5.xml:1267 +#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968 +#: sssd.conf.5.xml:1222 sssd-ldap.5.xml:1294 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:636 +#: sssd.conf.5.xml:660 msgid "offline_timeout (integer)" msgstr "offline_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:639 +#: sssd.conf.5.xml:663 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. This " @@ -895,24 +915,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:646 +#: sssd.conf.5.xml:670 msgid "offline_timeout + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:649 +#: sssd.conf.5.xml:673 msgid "" "The random offset can increment up to 30 seconds. After each unsuccessful " "attempt to go online, the new interval is recalculated by the following:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 +#: sssd.conf.5.xml:678 msgid "new_interval = old_interval*2 + random_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:681 msgid "" "Note that the maximum length of each interval is currently limited to one " "hour. If the calculated length of new_interval is greater than an hour, it " @@ -920,14 +940,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:668 -#, fuzzy -#| msgid "client_idle_timeout" +#: sssd.conf.5.xml:692 msgid "responder_idle_timeout" -msgstr "client_idle_timeout" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:671 +#: sssd.conf.5.xml:695 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -939,58 +957,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:685 sssd.conf.5.xml:956 sssd.conf.5.xml:1514 +#: sssd.conf.5.xml:709 sssd.conf.5.xml:980 sssd.conf.5.xml:1559 #: sssd-ldap.5.xml:722 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:714 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:693 +#: sssd.conf.5.xml:717 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:705 +#: sssd.conf.5.xml:729 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:707 +#: sssd.conf.5.xml:731 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:712 +#: sssd.conf.5.xml:736 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:715 +#: sssd.conf.5.xml:739 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:719 +#: sssd.conf.5.xml:743 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:724 +#: sssd.conf.5.xml:748 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:751 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -998,7 +1016,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:733 +#: sssd.conf.5.xml:757 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1008,7 +1026,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:767 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1017,17 +1035,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:751 +#: sssd.conf.5.xml:775 sssd.conf.5.xml:1421 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:756 +#: sssd.conf.5.xml:780 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:759 +#: sssd.conf.5.xml:783 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1035,36 +1053,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:765 sssd.conf.5.xml:1400 +#: sssd.conf.5.xml:789 sssd.conf.5.xml:1445 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:770 -#, fuzzy -#| msgid "offline_timeout (integer)" +#: sssd.conf.5.xml:794 msgid "local_negative_timeout (integer)" -msgstr "offline_timeout (integer)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:773 +#: sssd.conf.5.xml:797 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:778 sssd.conf.5.xml:1186 sssd.conf.5.xml:2641 sssd.8.xml:79 +#: sssd.conf.5.xml:802 sssd.conf.5.xml:1210 sssd.conf.5.xml:2815 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:783 +#: sssd.conf.5.xml:807 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:810 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1073,7 +1089,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:793 +#: sssd.conf.5.xml:817 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1082,41 +1098,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:825 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:806 +#: sssd.conf.5.xml:830 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:809 +#: sssd.conf.5.xml:833 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:844 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:823 +#: sssd.conf.5.xml:847 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:852 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:834 +#: sssd.conf.5.xml:858 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1124,23 +1140,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:832 sssd.conf.5.xml:1265 sssd.conf.5.xml:1284 +#: sssd.conf.5.xml:856 sssd.conf.5.xml:1289 sssd.conf.5.xml:1308 #: sssd-krb5.5.xml:539 include/override_homedir.xml:59 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:862 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:844 +#: sssd.conf.5.xml:868 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:871 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1148,47 +1164,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:877 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:859 +#: sssd.conf.5.xml:883 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:886 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:889 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:869 +#: sssd.conf.5.xml:893 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:898 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:879 +#: sssd.conf.5.xml:903 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:882 +#: sssd.conf.5.xml:906 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1196,105 +1212,105 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:889 +#: sssd.conf.5.xml:913 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:892 +#: sssd.conf.5.xml:916 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:920 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:901 +#: sssd.conf.5.xml:925 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:904 +#: sssd.conf.5.xml:928 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:909 +#: sssd.conf.5.xml:933 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:912 +#: sssd.conf.5.xml:936 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:916 +#: sssd.conf.5.xml:940 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:945 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:924 +#: sssd.conf.5.xml:948 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:954 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:937 sssd.conf.5.xml:1191 +#: sssd.conf.5.xml:961 sssd.conf.5.xml:1215 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:940 sssd.conf.5.xml:1194 +#: sssd.conf.5.xml:964 sssd.conf.5.xml:1218 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:949 +#: sssd.conf.5.xml:973 msgid "memcache_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:976 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:983 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:967 sssd-ifp.5.xml:74 +#: sssd.conf.5.xml:991 sssd-ifp.5.xml:74 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:994 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1305,96 +1321,96 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:983 +#: sssd.conf.5.xml:1007 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:988 +#: sssd.conf.5.xml:1012 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:993 +#: sssd.conf.5.xml:1017 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:996 +#: sssd.conf.5.xml:1020 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 include/override_homedir.xml:56 +#: sssd.conf.5.xml:1025 include/override_homedir.xml:56 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1004 +#: sssd.conf.5.xml:1028 msgid "" "Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files " "domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1012 +#: sssd.conf.5.xml:1036 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1038 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1043 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1046 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 sssd.conf.5.xml:1040 +#: sssd.conf.5.xml:1051 sssd.conf.5.xml:1064 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1057 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1036 +#: sssd.conf.5.xml:1060 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1070 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1073 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1078 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1402,124 +1418,122 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1060 sssd.conf.5.xml:1158 +#: sssd.conf.5.xml:1084 sssd.conf.5.xml:1182 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1066 +#: sssd.conf.5.xml:1090 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1069 +#: sssd.conf.5.xml:1093 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1074 +#: sssd.conf.5.xml:1098 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1101 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1104 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1108 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1111 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1091 sssd.8.xml:63 +#: sssd.conf.5.xml:1115 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1097 +#: sssd.conf.5.xml:1121 msgid "pam_response_filter (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1124 msgid "" -"A comma separated list of strings which allows to remove (filter) data send " +"A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " -"responses send to pam_sss e.g. messages displayed to the user or environment " +"responses sent to pam_sss e.g. messages displayed to the user or environment " "variables which should be set by pam_sss." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1108 +#: sssd.conf.5.xml:1132 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1139 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1116 -msgid "Do not sent any environment variables to any service." +#: sssd.conf.5.xml:1140 +msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1119 +#: sssd.conf.5.xml:1143 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1120 -msgid "Do not sent environment variable var_name to any service." +#: sssd.conf.5.xml:1144 +msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1124 +#: sssd.conf.5.xml:1148 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 -msgid "Do not sent environment variable var_name to service." +#: sssd.conf.5.xml:1149 +msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1113 -#, fuzzy -#| msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +#: sssd.conf.5.xml:1137 msgid "" "Currently the following filters are supported: <placeholder type=" "\"variablelist\" id=\"0\"/>" -msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1159 msgid "Example: ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1141 +#: sssd.conf.5.xml:1165 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1144 +#: sssd.conf.5.xml:1168 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1527,7 +1541,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1150 +#: sssd.conf.5.xml:1174 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1536,17 +1550,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1164 +#: sssd.conf.5.xml:1188 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1167 sssd.conf.5.xml:1866 +#: sssd.conf.5.xml:1191 sssd.conf.5.xml:2010 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1170 +#: sssd.conf.5.xml:1194 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1554,26 +1568,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1176 sssd.conf.5.xml:1869 +#: sssd.conf.5.xml:1200 sssd.conf.5.xml:2013 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1181 +#: sssd.conf.5.xml:1205 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1203 +#: sssd.conf.5.xml:1227 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1206 +#: sssd.conf.5.xml:1230 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1583,74 +1597,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1240 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1220 +#: sssd.conf.5.xml:1244 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1227 +#: sssd.conf.5.xml:1251 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1254 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1234 +#: sssd.conf.5.xml:1258 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1238 +#: sssd.conf.5.xml:1262 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 +#: sssd.conf.5.xml:1266 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1246 sssd.conf.5.xml:1271 sssd.conf.5.xml:1290 -#: sssd.conf.5.xml:1663 sssd.conf.5.xml:2577 sssd-ldap.5.xml:1823 +#: sssd.conf.5.xml:1270 sssd.conf.5.xml:1295 sssd.conf.5.xml:1314 +#: sssd.conf.5.xml:1807 sssd.conf.5.xml:2751 sssd-ldap.5.xml:1850 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1251 +#: sssd.conf.5.xml:1275 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1254 +#: sssd.conf.5.xml:1278 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1259 +#: sssd.conf.5.xml:1283 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1267 +#: sssd.conf.5.xml:1291 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1658,19 +1672,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1276 +#: sssd.conf.5.xml:1300 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1279 +#: sssd.conf.5.xml:1303 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1286 +#: sssd.conf.5.xml:1310 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -1678,12 +1692,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1295 +#: sssd.conf.5.xml:1319 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1298 +#: sssd.conf.5.xml:1322 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -1691,60 +1705,58 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1304 sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1078 -#: sssd-ldap.5.xml:1369 sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1896 +#: sssd.conf.5.xml:1328 sssd-ldap.5.xml:1078 sssd-ldap.5.xml:1105 +#: sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1417 sssd-ldap.5.xml:1923 #: include/ldap_id_mapping.xml:244 msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1309 +#: sssd.conf.5.xml:1333 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1312 +#: sssd.conf.5.xml:1336 msgid "" "The path to the certificate database which contain the PKCS#11 modules to " "access the Smartcard." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1316 +#: sssd.conf.5.xml:1340 msgid "Default: /etc/pki/nssdb (NSS version)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1321 -#, fuzzy -#| msgid "enum_cache_timeout (integer)" +#: sssd.conf.5.xml:1345 msgid "p11_child_timeout (integer)" -msgstr "enum_cache_timeout (integer)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1348 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1333 +#: sssd.conf.5.xml:1357 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1336 +#: sssd.conf.5.xml:1360 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1349 +#: sssd.conf.5.xml:1373 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1351 +#: sssd.conf.5.xml:1375 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -1755,34 +1767,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1368 +#: sssd.conf.5.xml:1392 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1371 +#: sssd.conf.5.xml:1395 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1407 +#, fuzzy +#| msgid "debug_level (integer)" +msgid "sudo_threshold (integer)" +msgstr "debug_level (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1410 +msgid "" +"Maximum number of expired rules that can be refreshed at once. If number of " +"expired rules is below threshold, those rules are refreshed with " +"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a " +"<quote>full refresh</quote> of sudo rules is triggered instead. This " +"threshold number also applies to IPA sudo command and command group searches." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1384 +#: sssd.conf.5.xml:1429 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1386 +#: sssd.conf.5.xml:1431 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1390 +#: sssd.conf.5.xml:1435 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1393 +#: sssd.conf.5.xml:1438 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -1790,68 +1819,68 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1454 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1411 +#: sssd.conf.5.xml:1456 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1415 +#: sssd.conf.5.xml:1460 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1418 +#: sssd.conf.5.xml:1463 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1472 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1430 +#: sssd.conf.5.xml:1475 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1434 +#: sssd.conf.5.xml:1479 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1484 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1487 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1492 msgid "Default: /etc/pki/nssdb" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1455 +#: sssd.conf.5.xml:1500 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1502 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -1862,7 +1891,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1466 +#: sssd.conf.5.xml:1511 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -1873,24 +1902,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1474 +#: sssd.conf.5.xml:1519 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1480 +#: sssd.conf.5.xml:1525 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1484 sssd-ifp.5.xml:50 +#: sssd.conf.5.xml:1529 sssd-ifp.5.xml:50 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1487 +#: sssd.conf.5.xml:1532 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -1898,12 +1927,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1538 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1542 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -1912,31 +1941,144 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1506 -#, fuzzy -#| msgid "offline_timeout (integer)" +#: sssd.conf.5.xml:1551 msgid "pac_lifetime (integer)" -msgstr "offline_timeout (integer)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1509 +#: sssd.conf.5.xml:1554 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:1567 +msgid "Session recording configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1569 +msgid "" +"Session recording works in conjunction with <citerefentry> " +"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" +"citerefentry>, a part of tlog package, to log what users see and type when " +"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-" +"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:1582 +msgid "These options can be used to configure session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1586 sssd-session-recording.5.xml:64 +msgid "scope (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:71 +msgid "\"none\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:74 +msgid "No users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1601 sssd-session-recording.5.xml:79 +msgid "\"some\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1604 sssd-session-recording.5.xml:82 +msgid "" +"Users/groups specified by <replaceable>users</replaceable> and " +"<replaceable>groups</replaceable> options are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1613 sssd-session-recording.5.xml:91 +msgid "\"all\"" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1616 sssd-session-recording.5.xml:94 +msgid "All users are recorded." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1589 sssd-session-recording.5.xml:67 +msgid "" +"One of the following strings specifying the scope of session recording: " +"<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:101 +#, fuzzy +#| msgid "Default: not set" +msgid "Default: \"none\"" +msgstr "Oletus: ei asetettu" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1628 sssd-session-recording.5.xml:106 +msgid "users (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1631 sssd-session-recording.5.xml:109 +msgid "" +"A comma-separated list of users which should have session recording enabled. " +"Matches user names as returned by NSS. I.e. after the possible space " +"replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1637 sssd-session-recording.5.xml:115 +msgid "Default: Empty. Matches no users." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1642 sssd-session-recording.5.xml:120 +msgid "groups (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1645 sssd-session-recording.5.xml:123 +msgid "" +"A comma-separated list of groups, members of which should have session " +"recording enabled. Matches group names as returned by NSS. I.e. after the " +"possible space replacement, case changes, etc." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1651 sssd-session-recording.5.xml:129 +msgid "" +"NOTE: using this option (having it set to anything) has a considerable " +"performance cost, because each uncached request for a user requires " +"retrieving and matching the groups the user is member of." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:136 +msgid "Default: Empty. Matches no groups." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1524 +#: sssd.conf.5.xml:1668 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1531 +#: sssd.conf.5.xml:1675 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1534 +#: sssd.conf.5.xml:1678 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -1945,14 +2087,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1542 +#: sssd.conf.5.xml:1686 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1546 +#: sssd.conf.5.xml:1690 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -1961,40 +2103,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1554 +#: sssd.conf.5.xml:1698 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1558 +#: sssd.conf.5.xml:1702 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 -#, fuzzy -#| msgid "Default: not set" +#: sssd.conf.5.xml:1706 msgid "Default: posix" -msgstr "Oletus: ei asetettu" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1568 +#: sssd.conf.5.xml:1712 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 +#: sssd.conf.5.xml:1715 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1720 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -2003,46 +2143,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1583 +#: sssd.conf.5.xml:1727 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1587 +#: sssd.conf.5.xml:1731 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1593 +#: sssd.conf.5.xml:1737 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1596 +#: sssd.conf.5.xml:1740 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1600 +#: sssd.conf.5.xml:1744 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1603 +#: sssd.conf.5.xml:1747 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1606 sssd.conf.5.xml:1821 sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1750 sssd.conf.5.xml:1965 sssd.conf.5.xml:2132 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1609 +#: sssd.conf.5.xml:1753 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -2054,14 +2194,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1622 +#: sssd.conf.5.xml:1766 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1771 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -2070,39 +2210,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1635 +#: sssd.conf.5.xml:1779 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1643 +#: sssd.conf.5.xml:1787 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1650 +#: sssd.conf.5.xml:1794 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1651 +#: sssd.conf.5.xml:1795 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1654 +#: sssd.conf.5.xml:1798 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1655 +#: sssd.conf.5.xml:1799 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1646 +#: sssd.conf.5.xml:1790 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -2111,19 +2251,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1669 +#: sssd.conf.5.xml:1813 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1672 +#: sssd.conf.5.xml:1816 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1820 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -2134,151 +2274,151 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1689 +#: sssd.conf.5.xml:1833 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1695 +#: sssd.conf.5.xml:1839 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1698 +#: sssd.conf.5.xml:1842 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1702 sssd.conf.5.xml:1715 sssd.conf.5.xml:1728 -#: sssd.conf.5.xml:1741 sssd.conf.5.xml:1754 sssd.conf.5.xml:1768 -#: sssd.conf.5.xml:1782 +#: sssd.conf.5.xml:1846 sssd.conf.5.xml:1859 sssd.conf.5.xml:1872 +#: sssd.conf.5.xml:1885 sssd.conf.5.xml:1898 sssd.conf.5.xml:1912 +#: sssd.conf.5.xml:1926 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1708 +#: sssd.conf.5.xml:1852 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1855 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1721 +#: sssd.conf.5.xml:1865 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1724 +#: sssd.conf.5.xml:1868 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1878 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1881 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1747 +#: sssd.conf.5.xml:1891 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1750 +#: sssd.conf.5.xml:1894 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1760 +#: sssd.conf.5.xml:1904 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1763 +#: sssd.conf.5.xml:1907 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1918 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1777 +#: sssd.conf.5.xml:1921 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1788 +#: sssd.conf.5.xml:1932 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1791 +#: sssd.conf.5.xml:1935 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1796 +#: sssd.conf.5.xml:1940 msgid "" "The background refresh will process users, groups and netgroups in the cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1800 +#: sssd.conf.5.xml:1944 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1804 sssd-ldap.5.xml:746 sssd-ipa.5.xml:247 +#: sssd.conf.5.xml:1948 sssd-ldap.5.xml:746 sssd-ipa.5.xml:248 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1810 +#: sssd.conf.5.xml:1954 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1957 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 +#: sssd.conf.5.xml:1961 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1827 +#: sssd.conf.5.xml:1971 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1830 +#: sssd.conf.5.xml:1974 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -2286,24 +2426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1837 +#: sssd.conf.5.xml:1981 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1842 +#: sssd.conf.5.xml:1986 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1848 +#: sssd.conf.5.xml:1992 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1851 +#: sssd.conf.5.xml:1995 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -2312,17 +2452,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1858 +#: sssd.conf.5.xml:2002 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1863 +#: sssd.conf.5.xml:2007 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1874 +#: sssd.conf.5.xml:2018 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2331,33 +2471,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1881 +#: sssd.conf.5.xml:2025 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:2031 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1890 +#: sssd.conf.5.xml:2034 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1894 +#: sssd.conf.5.xml:2038 msgid "<quote>proxy</quote>: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1897 sssd.conf.5.xml:2034 +#: sssd.conf.5.xml:2041 sssd.conf.5.xml:2178 msgid "<quote>local</quote>: SSSD internal provider for local users" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1901 +#: sssd.conf.5.xml:2045 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -2365,8 +2505,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1909 sssd.conf.5.xml:2014 sssd.conf.5.xml:2069 -#: sssd.conf.5.xml:2132 +#: sssd.conf.5.xml:2053 sssd.conf.5.xml:2158 sssd.conf.5.xml:2213 +#: sssd.conf.5.xml:2276 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -2375,8 +2515,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1918 sssd.conf.5.xml:2023 sssd.conf.5.xml:2078 -#: sssd.conf.5.xml:2141 +#: sssd.conf.5.xml:2062 sssd.conf.5.xml:2167 sssd.conf.5.xml:2222 +#: sssd.conf.5.xml:2285 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2384,19 +2524,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1929 +#: sssd.conf.5.xml:2073 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1932 +#: sssd.conf.5.xml:2076 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:2081 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -2405,7 +2545,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1945 +#: sssd.conf.5.xml:2089 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -2413,22 +2553,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:2096 msgid "Default: FALSE (TRUE if default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1958 +#: sssd.conf.5.xml:2102 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 +#: sssd.conf.5.xml:2105 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1964 +#: sssd.conf.5.xml:2108 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -2440,7 +2580,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1982 +#: sssd.conf.5.xml:2126 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -2448,19 +2588,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1993 +#: sssd.conf.5.xml:2137 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1996 +#: sssd.conf.5.xml:2140 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2000 sssd.conf.5.xml:2062 +#: sssd.conf.5.xml:2144 sssd.conf.5.xml:2206 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2468,7 +2608,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2007 +#: sssd.conf.5.xml:2151 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2476,30 +2616,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2031 +#: sssd.conf.5.xml:2175 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2038 +#: sssd.conf.5.xml:2182 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2041 +#: sssd.conf.5.xml:2185 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2047 +#: sssd.conf.5.xml:2191 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2050 +#: sssd.conf.5.xml:2194 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -2507,19 +2647,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2200 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2059 +#: sssd.conf.5.xml:2203 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2086 +#: sssd.conf.5.xml:2230 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -2528,7 +2668,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2093 +#: sssd.conf.5.xml:2237 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -2536,29 +2676,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2100 +#: sssd.conf.5.xml:2244 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2103 +#: sssd.conf.5.xml:2247 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2108 +#: sssd.conf.5.xml:2252 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2111 +#: sssd.conf.5.xml:2255 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2116 +#: sssd.conf.5.xml:2260 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -2566,7 +2706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2124 +#: sssd.conf.5.xml:2268 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2574,35 +2714,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2149 +#: sssd.conf.5.xml:2293 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2153 +#: sssd.conf.5.xml:2297 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2300 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2307 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2166 +#: sssd.conf.5.xml:2310 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2170 +#: sssd.conf.5.xml:2314 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2610,32 +2750,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2178 +#: sssd.conf.5.xml:2322 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2182 +#: sssd.conf.5.xml:2326 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2186 +#: sssd.conf.5.xml:2330 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2189 sssd.conf.5.xml:2267 sssd.conf.5.xml:2308 -#: sssd.conf.5.xml:2333 +#: sssd.conf.5.xml:2333 sssd.conf.5.xml:2411 sssd.conf.5.xml:2476 +#: sssd.conf.5.xml:2501 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2193 +#: sssd.conf.5.xml:2337 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -2646,12 +2786,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2210 +#: sssd.conf.5.xml:2354 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2213 +#: sssd.conf.5.xml:2357 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -2659,7 +2799,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2219 +#: sssd.conf.5.xml:2363 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2667,31 +2807,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2227 +#: sssd.conf.5.xml:2371 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2230 +#: sssd.conf.5.xml:2374 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2236 +#: sssd.conf.5.xml:2380 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2383 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2245 +#: sssd.conf.5.xml:2389 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2699,7 +2839,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2254 +#: sssd.conf.5.xml:2398 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -2708,23 +2848,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2263 +#: sssd.conf.5.xml:2407 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2274 +#: sssd.conf.5.xml:2417 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2420 +msgid "" +"The provider which configures and manages user session related tasks. The " +"only user session task currently provided is the integration with Fleet " +"Commander, which works only with IPA. Supported session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2427 +msgid "<quote>ipa</quote> to allow performing user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2431 +msgid "" +"<quote>none</quote> does not perform any kind of user session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2435 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can perform " +"session related tasks." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:2442 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2277 +#: sssd.conf.5.xml:2445 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2449 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2732,7 +2903,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2288 +#: sssd.conf.5.xml:2456 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2740,7 +2911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2296 +#: sssd.conf.5.xml:2464 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -2748,24 +2919,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2305 +#: sssd.conf.5.xml:2473 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2315 +#: sssd.conf.5.xml:2483 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2318 +#: sssd.conf.5.xml:2486 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2322 +#: sssd.conf.5.xml:2490 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -2773,12 +2944,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2330 +#: sssd.conf.5.xml:2498 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2511 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -2788,7 +2959,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2352 +#: sssd.conf.5.xml:2520 msgid "" "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?" @@ -2797,29 +2968,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2357 +#: sssd.conf.5.xml:2525 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2360 +#: sssd.conf.5.xml:2528 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2531 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2366 +#: sssd.conf.5.xml:2534 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2539 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -2827,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2377 +#: sssd.conf.5.xml:2545 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -2835,137 +3006,145 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2384 +#: sssd.conf.5.xml:2552 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2431 +#: sssd.conf.5.xml:2599 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2437 +#: sssd.conf.5.xml:2605 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2440 +#: sssd.conf.5.xml:2608 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2444 +#: sssd.conf.5.xml:2612 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2447 +#: sssd.conf.5.xml:2615 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2450 +#: sssd.conf.5.xml:2618 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2453 +#: sssd.conf.5.xml:2621 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 +#: sssd.conf.5.xml:2624 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2459 +#: sssd.conf.5.xml:2627 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2465 +#: sssd.conf.5.xml:2633 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2468 +#: sssd.conf.5.xml:2636 +msgid "" +"Defines the amount of time (in seconds) to wait for a reply from the " +"internal fail over service before assuming that the service is unreachable. " +"If this timeout is reached, the domain will continue to operate in offline " +"mode." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:2643 msgid "" -"Defines the amount of time (in seconds) to wait for a reply from the DNS " -"resolver before assuming that it is unreachable. If this timeout is reached, " -"the domain will continue to operate in offline mode." +"Please see the section <quote>FAILOVER</quote> for more information about " +"the service resolution." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2474 sssd-ldap.5.xml:1251 sssd-ldap.5.xml:1293 -#: sssd-ldap.5.xml:1311 sssd-krb5.5.xml:248 +#: sssd.conf.5.xml:2648 sssd-ldap.5.xml:1278 sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1338 sssd-krb5.5.xml:248 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 +#: sssd.conf.5.xml:2654 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 +#: sssd.conf.5.xml:2657 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2487 +#: sssd.conf.5.xml:2661 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2493 +#: sssd.conf.5.xml:2667 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2496 +#: sssd.conf.5.xml:2670 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2502 +#: sssd.conf.5.xml:2676 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2510 +#: sssd.conf.5.xml:2684 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2513 +#: sssd.conf.5.xml:2687 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2519 +#: sssd.conf.5.xml:2693 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2521 +#: sssd.conf.5.xml:2695 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2525 +#: sssd.conf.5.xml:2699 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2528 +#: sssd.conf.5.xml:2702 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -2973,7 +3152,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2505 +#: sssd.conf.5.xml:2679 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider. Possible option values are: " @@ -2981,17 +3160,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2540 +#: sssd.conf.5.xml:2714 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2546 +#: sssd.conf.5.xml:2720 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2549 +#: sssd.conf.5.xml:2723 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -2999,34 +3178,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2555 +#: sssd.conf.5.xml:2729 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2558 +#: sssd.conf.5.xml:2732 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2561 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:2735 sssd-ldap.5.xml:1111 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2564 +#: sssd.conf.5.xml:2738 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2741 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2573 +#: sssd.conf.5.xml:2747 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -3036,32 +3215,32 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2571 sssd-secrets.5.xml:381 +#: sssd.conf.5.xml:2745 sssd-secrets.5.xml:448 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2580 +#: sssd.conf.5.xml:2754 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2587 +#: sssd.conf.5.xml:2761 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2598 +#: sssd.conf.5.xml:2772 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2599 +#: sssd.conf.5.xml:2773 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2590 +#: sssd.conf.5.xml:2764 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -3071,36 +3250,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2778 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2608 +#: sssd.conf.5.xml:2782 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2613 +#: sssd.conf.5.xml:2787 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2790 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2622 -#, fuzzy -#| msgid "enum_cache_timeout (integer)" +#: sssd.conf.5.xml:2796 msgid "cached_auth_timeout (int)" -msgstr "enum_cache_timeout (integer)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2625 +#: sssd.conf.5.xml:2799 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -3108,12 +3285,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2631 +#: sssd.conf.5.xml:2805 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2635 +#: sssd.conf.5.xml:2809 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -3121,7 +3298,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1670 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -3129,29 +3306,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2653 +#: sssd.conf.5.xml:2827 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2656 +#: sssd.conf.5.xml:2830 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2659 +#: sssd.conf.5.xml:2833 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2667 +#: sssd.conf.5.xml:2841 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2670 +#: sssd.conf.5.xml:2844 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -3159,12 +3336,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2680 +#: sssd.conf.5.xml:2854 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2683 +#: sssd.conf.5.xml:2857 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -3173,12 +3350,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2697 +#: sssd.conf.5.xml:2871 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2700 +#: sssd.conf.5.xml:2874 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -3186,19 +3363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2649 +#: sssd.conf.5.xml:2823 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2716 +#: sssd.conf.5.xml:2890 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2718 +#: sssd.conf.5.xml:2892 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -3215,7 +3392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2912 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -3223,17 +3400,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:2744 +#: sssd.conf.5.xml:2918 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2746 +#: sssd.conf.5.xml:2920 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2749 +#: sssd.conf.5.xml:2923 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -3242,18 +3419,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2763 +#: sssd.conf.5.xml:2937 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " -"through the NSS responder. In addition, the application domains also " -"requests the telephoneNumber attribute, stores it as the phone attribute in " -"the cache and makes the phone attribute reachable through the D-Bus " -"interface." +"through the NSS responder. In addition, the application domain also requests " +"the telephoneNumber attribute, stores it as the phone attribute in the cache " +"and makes the phone attribute reachable through the D-Bus interface." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:2771 +#: sssd.conf.5.xml:2945 #, no-wrap msgid "" "[sssd]\n" @@ -3273,12 +3449,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2789 +#: sssd.conf.5.xml:2963 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2791 +#: sssd.conf.5.xml:2965 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -3286,73 +3462,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2972 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2801 +#: sssd.conf.5.xml:2975 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2805 +#: sssd.conf.5.xml:2979 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2810 +#: sssd.conf.5.xml:2984 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2813 +#: sssd.conf.5.xml:2987 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2818 +#: sssd.conf.5.xml:2992 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2823 +#: sssd.conf.5.xml:2997 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2826 +#: sssd.conf.5.xml:3000 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2830 sssd.conf.5.xml:2842 +#: sssd.conf.5.xml:3004 sssd.conf.5.xml:3016 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2835 +#: sssd.conf.5.xml:3009 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:3012 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2847 +#: sssd.conf.5.xml:3021 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2850 +#: sssd.conf.5.xml:3024 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -3360,17 +3536,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2858 +#: sssd.conf.5.xml:3032 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2863 +#: sssd.conf.5.xml:3037 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2866 +#: sssd.conf.5.xml:3040 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -3379,17 +3555,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2876 +#: sssd.conf.5.xml:3050 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2881 +#: sssd.conf.5.xml:3055 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:3058 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -3397,17 +3573,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2891 +#: sssd.conf.5.xml:3065 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2896 +#: sssd.conf.5.xml:3070 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2899 +#: sssd.conf.5.xml:3073 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -3415,88 +3591,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2905 +#: sssd.conf.5.xml:3079 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2915 +#: sssd.conf.5.xml:3089 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2917 +#: sssd.conf.5.xml:3091 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" "<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</" -"replaceable>]</quote>. Currently supported options in the trusted domain " -"section are:" +"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base " +"domain. Please refer to examples below for explanation. Currently supported " +"options in the trusted domain section are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2922 +#: sssd.conf.5.xml:3098 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2923 -#, fuzzy -#| msgid "ldap_user_principal" +#: sssd.conf.5.xml:3099 msgid "ldap_user_search_base," -msgstr "ldap_user_principal" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2924 +#: sssd.conf.5.xml:3100 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2925 +#: sssd.conf.5.xml:3101 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2926 +#: sssd.conf.5.xml:3102 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:3103 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2928 +#: sssd.conf.5.xml:3104 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2929 +#: sssd.conf.5.xml:3105 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:3106 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2932 +#: sssd.conf.5.xml:3108 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2938 sssd-ldap.5.xml:2662 sssd-simple.5.xml:131 -#: sssd-ipa.5.xml:673 sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 -#: sss_rpcidmapd.5.xml:98 sssd-files.5.xml:71 -msgid "EXAMPLE" +#: sssd.conf.5.xml:3114 idmap_sss.8.xml:43 +msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:2944 +#: sssd.conf.5.xml:3120 #, no-wrap msgid "" "[sssd]\n" @@ -3526,17 +3699,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2940 +#: sssd.conf.5.xml:3116 msgid "" -"The following example shows a typical SSSD config. It does not describe " +"1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " "configuring domains for more details. <placeholder type=\"programlisting\" " "id=\"0\"/>" msgstr "" -#. type: Content of: <reference><refentry><refnamediv><refname> -#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 -msgid "sssd-ldap" +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd.conf.5.xml:3153 +#, no-wrap +msgid "" +"[domain/ipa.com/child.ad.com]\n" +"use_fully_qualified_names = false\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd.conf.5.xml:3147 +msgid "" +"2. The following example shows configuration of IPA AD trust where the AD " +"forest consists of two domains in a parent-child structure. Suppose IPA " +"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain " +"(child.ad.com). To enable shortnames in the child domain the following " +"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/" +">" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16 +msgid "sssd-ldap" msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> @@ -3574,7 +3766,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:75 sssd-ad.5.xml:99 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57 -#: sssd-secrets.5.xml:94 sssd-kcm.8.xml:141 +#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139 msgid "CONFIGURATION OPTIONS" msgstr "" @@ -3594,7 +3786,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:197 +#: sssd-ldap.5.xml:70 sssd-secrets.5.xml:264 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" @@ -3874,7 +4066,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:297 sssd-ldap.5.xml:920 msgid "Default: gidNumber" msgstr "" @@ -3952,7 +4144,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:919 +#: sssd-ldap.5.xml:364 sssd-ldap.5.xml:946 msgid "" "Default: not set in the general case, objectGUID for AD and ipaUniqueID for " "IPA" @@ -3971,7 +4163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:934 +#: sssd-ldap.5.xml:379 sssd-ldap.5.xml:961 msgid "Default: objectSid for ActiveDirectory, not set for other servers." msgstr "" @@ -3981,14 +4173,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:944 sssd-ldap.5.xml:1167 +#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:971 sssd-ldap.5.xml:1194 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:948 sssd-ldap.5.xml:1174 +#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:975 sssd-ldap.5.xml:1201 msgid "Default: modifyTimestamp" msgstr "" @@ -4383,8 +4575,8 @@ msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1125 sssd-ldap.5.xml:1199 -#: sssd-ldap.5.xml:2240 sssd-ipa.5.xml:544 +#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1152 sssd-ldap.5.xml:1226 +#: sssd-ldap.5.xml:2276 sssd-ipa.5.xml:588 msgid "Default: cn" msgstr "" @@ -4471,134 +4663,165 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:833 -msgid "ldap_user_certificate (string)" +msgid "ldap_user_authorized_rhost (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:836 +msgid "" +"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the " +"presence of the rhost attribute in the user's LDAP entry to determine access " +"privilege. Similarly to host verification process." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:843 +msgid "" +"An explicit deny (!rhost) is resolved first. Second, SSSD searches for " +"explicit allow (rhost) and finally for allow_all (*)." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:848 +msgid "" +"Please note that the ldap_access_order configuration option <emphasis>must</" +"emphasis> include <quote>rhost</quote> in order for the " +"ldap_user_authorized_rhost option to work." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:855 +#, fuzzy +#| msgid "Default: not set" +msgid "Default: rhost" +msgstr "Oletus: ei asetettu" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:861 +msgid "ldap_user_certificate (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:864 msgid "Name of the LDAP attribute containing the X509 certificate of the user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:840 -msgid "Default: no set in the general case, userCertificate;binary for IPA" +#: sssd-ldap.5.xml:868 +msgid "Default: userCertificate;binary" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:847 -#, fuzzy -#| msgid "ldap_user_principal" +#: sssd-ldap.5.xml:874 msgid "ldap_user_email (string)" -msgstr "ldap_user_principal" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:850 +#: sssd-ldap.5.xml:877 msgid "Name of the LDAP attribute containing the email address of the user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 -#, fuzzy -#| msgid "Default: false" +#: sssd-ldap.5.xml:881 msgid "Default: mail" -msgstr "Oletus:epätosi" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:887 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:863 +#: sssd-ldap.5.xml:890 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:866 +#: sssd-ldap.5.xml:893 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:899 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:875 +#: sssd-ldap.5.xml:902 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:879 +#: sssd-ldap.5.xml:906 msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:886 +#: sssd-ldap.5.xml:913 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:916 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:926 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:902 +#: sssd-ldap.5.xml:929 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:906 +#: sssd-ldap.5.xml:933 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:912 +#: sssd-ldap.5.xml:939 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:915 +#: sssd-ldap.5.xml:942 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:953 msgid "ldap_group_objectsid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:929 +#: sssd-ldap.5.xml:956 msgid "" "The LDAP attribute that contains the objectSID of an LDAP group object. This " "is usually only necessary for ActiveDirectory servers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:941 +#: sssd-ldap.5.xml:968 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:954 +#: sssd-ldap.5.xml:981 msgid "ldap_group_type (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:984 msgid "" "The LDAP attribute that contains an integer value indicating the type of the " "group and maybe other flags." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:989 msgid "" "This attribute is currently only used by the AD provider to determine if a " "group is a domain local groups and has to be filtered out for trusted " @@ -4606,34 +4829,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:995 msgid "Default: groupType in the AD provider, otherwise not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:975 +#: sssd-ldap.5.xml:1002 msgid "ldap_group_external_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:978 +#: sssd-ldap.5.xml:1005 msgid "" "The LDAP attribute that references group members that are defined in an " "external domain. At the moment, only IPA's external members are supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:984 +#: sssd-ldap.5.xml:1011 msgid "Default: ipaExternalMember in the IPA provider, otherwise unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:991 +#: sssd-ldap.5.xml:1018 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:994 +#: sssd-ldap.5.xml:1021 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -4641,7 +4864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1001 +#: sssd-ldap.5.xml:1028 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -4651,7 +4874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1010 +#: sssd-ldap.5.xml:1037 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -4661,17 +4884,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:1046 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1025 +#: sssd-ldap.5.xml:1052 msgid "ldap_groups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1028 +#: sssd-ldap.5.xml:1055 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which may speed up group lookup operations on deployments with " @@ -4679,14 +4902,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1034 +#: sssd-ldap.5.xml:1061 msgid "" "In most common cases, it is best to leave this option disabled. It generally " "only provides a performance increase on very complex nestings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1039 sssd-ldap.5.xml:1066 +#: sssd-ldap.5.xml:1066 sssd-ldap.5.xml:1093 msgid "" "If this option is enabled, SSSD will use it if it detects that the server " "supports it during initial connection. So \"True\" here essentially means " @@ -4694,7 +4917,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1045 sssd-ldap.5.xml:1072 +#: sssd-ldap.5.xml:1072 sssd-ldap.5.xml:1099 msgid "" "Note: This feature is currently known to work only with Active Directory " "2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/" @@ -4703,12 +4926,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1057 +#: sssd-ldap.5.xml:1084 msgid "ldap_initgroups_use_matching_rule_in_chain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1060 +#: sssd-ldap.5.xml:1087 msgid "" "This option tells SSSD to take advantage of an Active Directory-specific " "feature which might speed up initgroups operations (most notably when " @@ -4716,168 +4939,168 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1087 +#: sssd-ldap.5.xml:1114 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1092 +#: sssd-ldap.5.xml:1119 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1125 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1101 +#: sssd-ldap.5.xml:1128 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1104 +#: sssd-ldap.5.xml:1131 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1135 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1114 +#: sssd-ldap.5.xml:1141 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1117 +#: sssd-ldap.5.xml:1144 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1148 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1158 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1134 +#: sssd-ldap.5.xml:1161 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1138 +#: sssd-ldap.5.xml:1165 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1169 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1148 +#: sssd-ldap.5.xml:1175 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1178 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-ldap.5.xml:1171 +#: sssd-ldap.5.xml:1182 sssd-ldap.5.xml:1198 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1158 +#: sssd-ldap.5.xml:1185 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1164 +#: sssd-ldap.5.xml:1191 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1207 msgid "ldap_service_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1210 msgid "The object class of a service entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1186 +#: sssd-ldap.5.xml:1213 msgid "Default: ipService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1219 msgid "ldap_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1195 +#: sssd-ldap.5.xml:1222 msgid "" "The LDAP attribute that contains the name of service attributes and their " "aliases." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1205 +#: sssd-ldap.5.xml:1232 msgid "ldap_service_port (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1208 +#: sssd-ldap.5.xml:1235 msgid "The LDAP attribute that contains the port managed by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1212 +#: sssd-ldap.5.xml:1239 msgid "Default: ipServicePort" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1245 msgid "ldap_service_proto (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1248 msgid "" "The LDAP attribute that contains the protocols understood by this service." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1252 msgid "Default: ipServiceProtocol" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1231 +#: sssd-ldap.5.xml:1258 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1236 +#: sssd-ldap.5.xml:1263 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1239 +#: sssd-ldap.5.xml:1266 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -4885,7 +5108,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1245 +#: sssd-ldap.5.xml:1272 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -4893,12 +5116,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1257 +#: sssd-ldap.5.xml:1284 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1260 +#: sssd-ldap.5.xml:1287 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -4906,12 +5129,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1273 +#: sssd-ldap.5.xml:1300 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1303 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -4922,12 +5145,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1326 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1329 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -4936,12 +5159,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1317 +#: sssd-ldap.5.xml:1344 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1347 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -4950,34 +5173,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1328 sssd-ldap.5.xml:2397 +#: sssd-ldap.5.xml:1355 sssd-ldap.5.xml:2433 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1361 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1337 +#: sssd-ldap.5.xml:1364 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 +#: sssd-ldap.5.xml:1369 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1375 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1378 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -4985,14 +5208,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1384 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1390 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5000,17 +5223,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1375 +#: sssd-ldap.5.xml:1402 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1378 +#: sssd-ldap.5.xml:1405 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1381 +#: sssd-ldap.5.xml:1408 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5020,12 +5243,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1396 +#: sssd-ldap.5.xml:1423 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1399 +#: sssd-ldap.5.xml:1426 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5033,17 +5256,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1405 +#: sssd-ldap.5.xml:1432 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1412 +#: sssd-ldap.5.xml:1439 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1415 +#: sssd-ldap.5.xml:1442 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -5051,13 +5274,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1421 +#: sssd-ldap.5.xml:1448 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1425 +#: sssd-ldap.5.xml:1452 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -5066,7 +5289,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1460 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -5074,26 +5297,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1446 +#: sssd-ldap.5.xml:1473 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1449 +#: sssd-ldap.5.xml:1476 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1455 +#: sssd-ldap.5.xml:1482 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1459 +#: sssd-ldap.5.xml:1486 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -5101,7 +5324,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1493 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -5109,7 +5332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1472 +#: sssd-ldap.5.xml:1499 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -5117,41 +5340,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1478 +#: sssd-ldap.5.xml:1505 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1482 +#: sssd-ldap.5.xml:1509 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1488 +#: sssd-ldap.5.xml:1515 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1491 +#: sssd-ldap.5.xml:1518 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1496 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1555 +#: sssd-ldap.5.xml:1523 sssd-ldap.5.xml:1541 sssd-ldap.5.xml:1582 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1503 +#: sssd-ldap.5.xml:1530 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1506 +#: sssd-ldap.5.xml:1533 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -5160,32 +5383,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1548 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1524 +#: sssd-ldap.5.xml:1551 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1561 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1537 +#: sssd-ldap.5.xml:1564 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1546 +#: sssd-ldap.5.xml:1573 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1549 +#: sssd-ldap.5.xml:1576 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -5193,24 +5416,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1589 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1565 +#: sssd-ldap.5.xml:1592 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1602 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1605 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -5218,17 +5441,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1584 +#: sssd-ldap.5.xml:1611 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1594 +#: sssd-ldap.5.xml:1621 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1597 +#: sssd-ldap.5.xml:1624 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -5239,29 +5462,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1636 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1615 +#: sssd-ldap.5.xml:1642 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1618 +#: sssd-ldap.5.xml:1645 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1628 +#: sssd-ldap.5.xml:1655 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1631 +#: sssd-ldap.5.xml:1658 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory. " @@ -5270,17 +5493,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1639 +#: sssd-ldap.5.xml:1666 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1672 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1648 +#: sssd-ldap.5.xml:1675 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -5288,49 +5511,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1654 +#: sssd-ldap.5.xml:1681 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1660 +#: sssd-ldap.5.xml:1687 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1663 +#: sssd-ldap.5.xml:1690 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1668 +#: sssd-ldap.5.xml:1695 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1674 +#: sssd-ldap.5.xml:1701 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:1704 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1680 +#: sssd-ldap.5.xml:1707 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1686 +#: sssd-ldap.5.xml:1713 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1689 +#: sssd-ldap.5.xml:1716 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -5338,27 +5561,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1701 +#: sssd-ldap.5.xml:1728 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1704 +#: sssd-ldap.5.xml:1731 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1708 sssd-ad.5.xml:914 +#: sssd-ldap.5.xml:1735 sssd-ad.5.xml:914 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1714 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1741 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1744 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -5370,7 +5593,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1729 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1756 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -5378,7 +5601,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1734 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1761 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -5386,39 +5609,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1743 sssd-ipa.5.xml:418 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1770 sssd-ipa.5.xml:432 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1746 +#: sssd-ldap.5.xml:1773 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1749 +#: sssd-ldap.5.xml:1776 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1755 sssd-krb5.5.xml:462 +#: sssd-ldap.5.xml:1782 sssd-krb5.5.xml:462 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1758 +#: sssd-ldap.5.xml:1785 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1770 sssd-krb5.5.xml:477 +#: sssd-ldap.5.xml:1797 sssd-krb5.5.xml:477 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1773 sssd-krb5.5.xml:480 +#: sssd-ldap.5.xml:1800 sssd-krb5.5.xml:480 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -5428,7 +5651,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1784 sssd-krb5.5.xml:491 +#: sssd-ldap.5.xml:1811 sssd-krb5.5.xml:491 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -5436,26 +5659,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1798 +#: sssd-ldap.5.xml:1825 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1801 +#: sssd-ldap.5.xml:1828 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1833 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1811 +#: sssd-ldap.5.xml:1838 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -5463,7 +5686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1817 +#: sssd-ldap.5.xml:1844 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -5471,31 +5694,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1826 +#: sssd-ldap.5.xml:1853 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1861 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1837 +#: sssd-ldap.5.xml:1864 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1841 +#: sssd-ldap.5.xml:1868 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1873 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -5504,56 +5727,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1860 +#: sssd-ldap.5.xml:1887 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1863 +#: sssd-ldap.5.xml:1890 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1894 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1873 +#: sssd-ldap.5.xml:1900 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1876 +#: sssd-ldap.5.xml:1903 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1908 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1887 +#: sssd-ldap.5.xml:1914 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1890 +#: sssd-ldap.5.xml:1917 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1902 +#: sssd-ldap.5.xml:1929 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1932 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -5569,12 +5792,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1925 +#: sssd-ldap.5.xml:1952 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1928 +#: sssd-ldap.5.xml:1955 #, no-wrap msgid "" "access_provider = ldap\n" @@ -5583,14 +5806,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1932 +#: sssd-ldap.5.xml:1959 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1964 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -5599,24 +5822,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1945 sssd-ldap.5.xml:2002 +#: sssd-ldap.5.xml:1972 sssd-ldap.5.xml:2029 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1951 +#: sssd-ldap.5.xml:1978 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1954 +#: sssd-ldap.5.xml:1981 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1958 +#: sssd-ldap.5.xml:1985 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -5624,19 +5847,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1965 +#: sssd-ldap.5.xml:1992 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1968 +#: sssd-ldap.5.xml:1995 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1973 +#: sssd-ldap.5.xml:2000 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -5645,7 +5868,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1980 +#: sssd-ldap.5.xml:2007 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -5653,7 +5876,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1986 +#: sssd-ldap.5.xml:2013 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -5662,7 +5885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1995 +#: sssd-ldap.5.xml:2022 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -5670,22 +5893,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2008 +#: sssd-ldap.5.xml:2035 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2011 +#: sssd-ldap.5.xml:2038 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2015 +#: sssd-ldap.5.xml:2042 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2018 +#: sssd-ldap.5.xml:2045 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -5695,14 +5918,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2028 +#: sssd-ldap.5.xml:2055 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2035 +#: sssd-ldap.5.xml:2062 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -5715,12 +5938,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2052 +#: sssd-ldap.5.xml:2079 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2056 +#: sssd-ldap.5.xml:2083 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -5730,7 +5953,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2066 +#: sssd-ldap.5.xml:2093 msgid "" "The difference between these options is the action taken if user password is " "expired: pwd_expire_policy_reject - user is denied to log in, " @@ -5740,49 +5963,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2074 +#: sssd-ldap.5.xml:2101 msgid "" "Note If user password is expired no explicit message is prompted by SSSD." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2078 +#: sssd-ldap.5.xml:2105 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2083 +#: sssd-ldap.5.xml:2110 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2088 +#: sssd-ldap.5.xml:2115 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2092 +#: sssd-ldap.5.xml:2119 +msgid "" +"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " +"remote host can access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2123 +msgid "" +"Please note, rhost field in pam is set by application, it is better to check " +"what the application sends to pam, before enabling this access control option" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2128 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2095 +#: sssd-ldap.5.xml:2131 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2102 +#: sssd-ldap.5.xml:2138 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2105 +#: sssd-ldap.5.xml:2141 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -5791,74 +6028,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2113 +#: sssd-ldap.5.xml:2149 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2116 +#: sssd-ldap.5.xml:2152 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2122 +#: sssd-ldap.5.xml:2158 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2125 +#: sssd-ldap.5.xml:2161 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2130 +#: sssd-ldap.5.xml:2166 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2134 +#: sssd-ldap.5.xml:2170 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2139 +#: sssd-ldap.5.xml:2175 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2144 +#: sssd-ldap.5.xml:2180 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2149 +#: sssd-ldap.5.xml:2185 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2157 +#: sssd-ldap.5.xml:2193 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2160 +#: sssd-ldap.5.xml:2196 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2164 +#: sssd-ldap.5.xml:2200 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -5869,7 +6106,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2175 +#: sssd-ldap.5.xml:2211 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -5877,26 +6114,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2187 sssd-ifp.5.xml:136 +#: sssd-ldap.5.xml:2223 sssd-ifp.5.xml:136 #, fuzzy -#| msgid "force_timeout (integer)" -msgid "wildcart_limit (integer)" -msgstr "force_timeout (integer)" +#| msgid "enum_cache_timeout (integer)" +msgid "wildcard_limit (integer)" +msgstr "enum_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2190 +#: sssd-ldap.5.xml:2226 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2194 +#: sssd-ldap.5.xml:2230 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2198 +#: sssd-ldap.5.xml:2234 msgid "Default: 1000 (often the size of one page)" msgstr "" @@ -5911,12 +6148,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2208 +#: sssd-ldap.5.xml:2244 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2210 +#: sssd-ldap.5.xml:2246 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -5924,208 +6161,208 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2221 +#: sssd-ldap.5.xml:2257 msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2224 +#: sssd-ldap.5.xml:2260 msgid "The object class of a sudo rule entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2227 +#: sssd-ldap.5.xml:2263 msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2233 +#: sssd-ldap.5.xml:2269 msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2236 +#: sssd-ldap.5.xml:2272 msgid "The LDAP attribute that corresponds to the sudo rule name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2246 +#: sssd-ldap.5.xml:2282 msgid "ldap_sudorule_command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2249 +#: sssd-ldap.5.xml:2285 msgid "The LDAP attribute that corresponds to the command name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2253 +#: sssd-ldap.5.xml:2289 msgid "Default: sudoCommand" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2259 +#: sssd-ldap.5.xml:2295 msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2262 +#: sssd-ldap.5.xml:2298 msgid "" "The LDAP attribute that corresponds to the host name (or host IP address, " "host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2267 +#: sssd-ldap.5.xml:2303 msgid "Default: sudoHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2273 +#: sssd-ldap.5.xml:2309 msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2276 +#: sssd-ldap.5.xml:2312 msgid "" "The LDAP attribute that corresponds to the user name (or UID, group name or " "user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2280 +#: sssd-ldap.5.xml:2316 msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2286 +#: sssd-ldap.5.xml:2322 msgid "ldap_sudorule_option (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2289 +#: sssd-ldap.5.xml:2325 msgid "The LDAP attribute that corresponds to the sudo options." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2293 +#: sssd-ldap.5.xml:2329 msgid "Default: sudoOption" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2299 +#: sssd-ldap.5.xml:2335 msgid "ldap_sudorule_runasuser (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2302 +#: sssd-ldap.5.xml:2338 msgid "" "The LDAP attribute that corresponds to the user name that commands may be " "run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2306 +#: sssd-ldap.5.xml:2342 msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2312 +#: sssd-ldap.5.xml:2348 msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2315 +#: sssd-ldap.5.xml:2351 msgid "" "The LDAP attribute that corresponds to the group name or group GID that " "commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2319 +#: sssd-ldap.5.xml:2355 msgid "Default: sudoRunAsGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2325 +#: sssd-ldap.5.xml:2361 msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2328 +#: sssd-ldap.5.xml:2364 msgid "" "The LDAP attribute that corresponds to the start date/time for when the sudo " "rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2332 +#: sssd-ldap.5.xml:2368 msgid "Default: sudoNotBefore" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2338 +#: sssd-ldap.5.xml:2374 msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2341 +#: sssd-ldap.5.xml:2377 msgid "" "The LDAP attribute that corresponds to the expiration date/time, after which " "the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2346 +#: sssd-ldap.5.xml:2382 msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2352 +#: sssd-ldap.5.xml:2388 msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2355 +#: sssd-ldap.5.xml:2391 msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2359 +#: sssd-ldap.5.xml:2395 msgid "Default: sudoOrder" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2365 +#: sssd-ldap.5.xml:2401 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2368 +#: sssd-ldap.5.xml:2404 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2373 +#: sssd-ldap.5.xml:2409 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2378 +#: sssd-ldap.5.xml:2414 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2384 +#: sssd-ldap.5.xml:2420 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2387 +#: sssd-ldap.5.xml:2423 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest USN " @@ -6133,101 +6370,101 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2393 +#: sssd-ldap.5.xml:2429 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2403 +#: sssd-ldap.5.xml:2439 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2406 +#: sssd-ldap.5.xml:2442 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2417 +#: sssd-ldap.5.xml:2453 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2420 +#: sssd-ldap.5.xml:2456 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2425 +#: sssd-ldap.5.xml:2461 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2430 sssd-ldap.5.xml:2453 sssd-ldap.5.xml:2471 -#: sssd-ldap.5.xml:2489 +#: sssd-ldap.5.xml:2466 sssd-ldap.5.xml:2489 sssd-ldap.5.xml:2507 +#: sssd-ldap.5.xml:2525 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2435 sssd-ldap.5.xml:2458 +#: sssd-ldap.5.xml:2471 sssd-ldap.5.xml:2494 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2441 +#: sssd-ldap.5.xml:2477 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2444 +#: sssd-ldap.5.xml:2480 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2449 +#: sssd-ldap.5.xml:2485 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2464 +#: sssd-ldap.5.xml:2500 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2467 +#: sssd-ldap.5.xml:2503 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2482 +#: sssd-ldap.5.xml:2518 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2485 +#: sssd-ldap.5.xml:2521 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2501 +#: sssd-ldap.5.xml:2537 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -6236,111 +6473,111 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2511 +#: sssd-ldap.5.xml:2547 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2513 +#: sssd-ldap.5.xml:2549 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2519 +#: sssd-ldap.5.xml:2555 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2522 +#: sssd-ldap.5.xml:2558 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2525 +#: sssd-ldap.5.xml:2561 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2532 +#: sssd-ldap.5.xml:2568 msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2535 +#: sssd-ldap.5.xml:2571 msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2538 +#: sssd-ldap.5.xml:2574 msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2546 +#: sssd-ldap.5.xml:2582 msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2549 +#: sssd-ldap.5.xml:2585 msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2552 +#: sssd-ldap.5.xml:2588 msgid "" "Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2560 +#: sssd-ldap.5.xml:2596 msgid "ldap_autofs_entry_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2563 +#: sssd-ldap.5.xml:2599 msgid "" "The object class of an automount entry in LDAP. The entry usually " "corresponds to a mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2568 +#: sssd-ldap.5.xml:2604 msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2576 +#: sssd-ldap.5.xml:2612 msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2579 sssd-ldap.5.xml:2594 +#: sssd-ldap.5.xml:2615 sssd-ldap.5.xml:2630 msgid "" "The key of an automount entry in LDAP. The entry usually corresponds to a " "mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2583 +#: sssd-ldap.5.xml:2619 msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2591 +#: sssd-ldap.5.xml:2627 msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:2598 +#: sssd-ldap.5.xml:2634 msgid "" "Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise " "automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2517 +#: sssd-ldap.5.xml:2553 msgid "" "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " @@ -6349,56 +6586,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2609 +#: sssd-ldap.5.xml:2645 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2616 +#: sssd-ldap.5.xml:2652 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2621 +#: sssd-ldap.5.xml:2657 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2626 +#: sssd-ldap.5.xml:2662 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:2631 +#: sssd-ldap.5.xml:2667 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:2633 +#: sssd-ldap.5.xml:2669 msgid "" -"If the option <quote>ldap_use_tokengroups</quote> is enabled. The searches " +"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " "memberships, even with no GID mapping. It is recommended to disable this " "feature, if group names are not being displayed correctly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:2640 +#: sssd-ldap.5.xml:2676 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2642 +#: sssd-ldap.5.xml:2678 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:2647 +#: sssd-ldap.5.xml:2683 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2611 +#: sssd-ldap.5.xml:2647 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -6406,8 +6643,15 @@ msgid "" "\"variablelist\" id=\"1\"/>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:2698 sssd-simple.5.xml:131 sssd-ipa.5.xml:717 +#: sssd-ad.5.xml:1018 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98 +#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144 +msgid "EXAMPLE" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2664 +#: sssd-ldap.5.xml:2700 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -6415,7 +6659,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:2670 +#: sssd-ldap.5.xml:2706 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -6428,26 +6672,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:2669 sssd-ldap.5.xml:2687 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:681 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 -#: sssd-files.5.xml:78 include/ldap_id_mapping.xml:105 +#: sssd-ldap.5.xml:2705 sssd-ldap.5.xml:2723 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:725 sssd-ad.5.xml:1026 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579 +#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150 +#: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2681 +#: sssd-ldap.5.xml:2717 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2683 +#: sssd-ldap.5.xml:2719 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:2688 +#: sssd-ldap.5.xml:2724 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -6463,13 +6708,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:2703 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 +#: sssd-ldap.5.xml:2739 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148 #: sssd-ad.5.xml:1041 sssd.8.xml:195 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:2705 +#: sssd-ldap.5.xml:2741 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -6970,9 +7215,9 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sss-certmap.5.xml:45 msgid "" -"The rules are process by priority while the number '0' (zero) indicates the " -"highest priority. The higher the number the lower is the priority. A missing " -"value indicates the lowest priority." +"The rules are processed by priority while the number '0' (zero) indicates " +"the highest priority. The higher the number the lower is the priority. A " +"missing value indicates the lowest priority." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> @@ -7056,7 +7301,7 @@ msgstr "" #: sss-certmap.5.xml:112 msgid "" "This option can be used to specify which key usage values the certificate " -"should have. The following value can be used in a comma separate list:" +"should have. The following values can be used in a comma separated list:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> @@ -7409,11 +7654,9 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> #: sss-certmap.5.xml:66 -#, fuzzy -#| msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgid "" "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" -msgstr "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sss-certmap.5.xml:336 @@ -7435,7 +7678,7 @@ msgid "" "exception is the proxy provider which is not of relevance here). Because of " "this the mapping rule is based on LDAP search filter syntax with templates " "to add certificate content to the filter. It is expected that the filter " -"will only contain the specific data needed for the mapping an that the " +"will only contain the specific data needed for the mapping and that the " "caller will embed it in another filter to do the actual search. Because of " "this the filter string should start and stop with '(' and ')' respectively." msgstr "" @@ -7455,8 +7698,8 @@ msgid "" "This should be preferred to read user specific data from the certificate " "like e.g. an email address and search for it in the LDAP server. The reason " "is that the user specific data in LDAP might change for various reasons " -"would would break the mapping. On the other hand it would be hard to break " -"the mapping on purpose for a specific user." +"would break the mapping. On the other hand it would be hard to break the " +"mapping on purpose for a specific user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> @@ -7550,7 +7793,7 @@ msgstr "" msgid "" "This template will add the Kerberos principal which is taken either from the " "SAN used by pkinit or the one used by AD. The 'short_name' component " -"represent the first part of the principal before the '@' sign." +"represents the first part of the principal before the '@' sign." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> @@ -7568,8 +7811,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sss-certmap.5.xml:459 msgid "" -"This template will add the Kerberos principal which is given by then SAN " -"used by pkinit. The 'short_name' component represent the first part of the " +"This template will add the Kerberos principal which is given by the SAN used " +"by pkinit. The 'short_name' component represents the first part of the " "principal before the '@' sign." msgstr "" @@ -7588,9 +7831,9 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sss-certmap.5.xml:473 msgid "" -"This template will add the Kerberos principal which is given by then SAN " -"used by AD. The 'short_name' component represent the first part of the " -"principal before the '@' sign." +"This template will add the Kerberos principal which is given by the SAN used " +"by AD. The 'short_name' component represent the first part of the principal " +"before the '@' sign." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> @@ -7603,7 +7846,7 @@ msgstr "" msgid "" "This template will add the string which is stored in the rfc822Name " "component of the SAN, typically an email address. The 'short_name' component " -"represent the first part of the address before the '@' sign." +"represents the first part of the address before the '@' sign." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> @@ -7623,7 +7866,7 @@ msgstr "" msgid "" "This template will add the string which is stored in the dNSName component " "of the SAN, typically a fully-qualified host name. The 'short_name' " -"component represent the first part of the name before the first '.' sign." +"component represents the first part of the name before the first '.' sign." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> @@ -7739,7 +7982,7 @@ msgstr "" #: sss-certmap.5.xml:367 msgid "" "The templates to add certificate data to the search filter are based on " -"Python-style formatting strings. They consists of a keyword in curly braces " +"Python-style formatting strings. They consist of a keyword in curly braces " "with an optional sub-component specifier separated by a '.' or an optional " "conversion/formatting option separated by a '!'. Allowed values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -7859,16 +8102,17 @@ msgstr "" #: sssd-ipa.5.xml:113 msgid "" "Optional. May be set on machines where the hostname(5) does not reflect the " -"fully qualified name used in the IPA domain to identify this host." +"fully qualified name used in the IPA domain to identify this host. The " +"hostname must be fully qualified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:121 sssd-ad.5.xml:843 +#: sssd-ipa.5.xml:122 sssd-ad.5.xml:843 msgid "dyndns_update (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:125 msgid "" "Optional. This option tells SSSD to automatically update the DNS server " "built into FreeIPA with the IP address of this client. The update is secured " @@ -7878,14 +8122,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:133 sssd-ad.5.xml:857 +#: sssd-ipa.5.xml:134 sssd-ad.5.xml:857 msgid "" "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " "the default Kerberos realm must be set properly in /etc/krb5.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:139 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</" "emphasis> option, users should migrate to using <emphasis>dyndns_update</" @@ -7893,12 +8137,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:150 sssd-ad.5.xml:868 +#: sssd-ipa.5.xml:151 sssd-ad.5.xml:868 msgid "dyndns_ttl (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:153 sssd-ad.5.xml:871 +#: sssd-ipa.5.xml:154 sssd-ad.5.xml:871 msgid "" "The TTL to apply to the client DNS record when updating it. If " "dyndns_update is false this has no effect. This will override the TTL " @@ -7906,7 +8150,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:158 +#: sssd-ipa.5.xml:159 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</" "emphasis> option, users should migrate to using <emphasis>dyndns_ttl</" @@ -7914,17 +8158,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:164 +#: sssd-ipa.5.xml:165 msgid "Default: 1200 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:170 sssd-ad.5.xml:882 +#: sssd-ipa.5.xml:171 sssd-ad.5.xml:882 msgid "dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:173 sssd-ad.5.xml:885 +#: sssd-ipa.5.xml:174 sssd-ad.5.xml:885 msgid "" "Optional. Applicable only when dyndns_update is true. Choose the interface " "or a list of interfaces whose IP addresses should be used for dynamic DNS " @@ -7933,7 +8177,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:180 +#: sssd-ipa.5.xml:181 msgid "" "NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</" "emphasis> option, users should migrate to using <emphasis>dyndns_iface</" @@ -7941,24 +8185,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:187 msgid "" "Default: Use the IP addresses of the interface which is used for IPA LDAP " "connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:190 sssd-ad.5.xml:896 +#: sssd-ipa.5.xml:191 sssd-ad.5.xml:896 msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:196 sssd-ad.5.xml:947 +#: sssd-ipa.5.xml:197 sssd-ad.5.xml:947 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:199 sssd-ad.5.xml:950 +#: sssd-ipa.5.xml:200 sssd-ad.5.xml:950 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -7966,24 +8210,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:205 sssd-ad.5.xml:956 -#, fuzzy -#| msgid "Default: true" +#: sssd-ipa.5.xml:206 sssd-ad.5.xml:956 msgid "Default: GSS-TSIG" -msgstr "Oletus:tosi" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:211 +#: sssd-ipa.5.xml:212 msgid "ipa_enable_dns_sites (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:214 sssd-ad.5.xml:197 +#: sssd-ipa.5.xml:215 sssd-ad.5.xml:197 msgid "Enables DNS sites - location based service discovery." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:218 +#: sssd-ipa.5.xml:219 msgid "" "If true and service discovery (see Service Discovery paragraph at the bottom " "of the man page) is enabled, then the SSSD will first attempt location " @@ -7995,12 +8237,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:237 sssd-ad.5.xml:902 +#: sssd-ipa.5.xml:238 sssd-ad.5.xml:902 msgid "dyndns_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:240 +#: sssd-ipa.5.xml:241 msgid "" "How often should the back end perform periodic DNS update in addition to the " "automatic update performed when the back end goes online. This option is " @@ -8008,234 +8250,278 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:253 sssd-ad.5.xml:920 +#: sssd-ipa.5.xml:254 sssd-ad.5.xml:920 msgid "dyndns_update_ptr (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:256 sssd-ad.5.xml:923 +#: sssd-ipa.5.xml:257 sssd-ad.5.xml:923 msgid "" "Whether the PTR record should also be explicitly updated when updating the " "client's DNS records. Applicable only when dyndns_update is true." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:261 +#: sssd-ipa.5.xml:262 msgid "" "This option should be False in most IPA deployments as the IPA server " "generates the PTR records automatically when forward records are changed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:267 +#: sssd-ipa.5.xml:268 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:273 sssd-ad.5.xml:934 +#: sssd-ipa.5.xml:274 sssd-ad.5.xml:934 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:276 sssd-ad.5.xml:937 +#: sssd-ipa.5.xml:277 sssd-ad.5.xml:937 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:280 sssd-ad.5.xml:941 +#: sssd-ipa.5.xml:281 sssd-ad.5.xml:941 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:286 sssd-ad.5.xml:962 +#: sssd-ipa.5.xml:287 sssd-ad.5.xml:962 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:289 sssd-ad.5.xml:965 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:965 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 sssd-ad.5.xml:970 +#: sssd-ipa.5.xml:295 sssd-ad.5.xml:970 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:975 +#: sssd-ipa.5.xml:300 sssd-ad.5.xml:975 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:304 sssd-ad.5.xml:980 +#: sssd-ipa.5.xml:305 sssd-ad.5.xml:980 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:310 -msgid "ipa_hbac_search_base (string)" +#: sssd-ipa.5.xml:311 +msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:313 -msgid "Optional. Use the given string as search base for HBAC related objects." +#: sssd-ipa.5.xml:314 +msgid "" +"Optional. Use the given string as search base for Desktop Profile related " +"objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 +#: sssd-ipa.5.xml:318 sssd-ipa.5.xml:331 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:323 +#: sssd-ipa.5.xml:324 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:327 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:337 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:326 +#: sssd-ipa.5.xml:340 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 sssd-ipa.5.xml:387 -#: sssd-ipa.5.xml:406 +#: sssd-ipa.5.xml:344 sssd-ipa.5.xml:363 sssd-ipa.5.xml:382 sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:420 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ipa.5.xml:335 sssd-ipa.5.xml:354 include/ldap_search_bases.xml:27 +#: sssd-ipa.5.xml:349 sssd-ipa.5.xml:368 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:342 +#: sssd-ipa.5.xml:356 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:345 +#: sssd-ipa.5.xml:359 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:361 +#: sssd-ipa.5.xml:375 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:364 +#: sssd-ipa.5.xml:378 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:373 +#: sssd-ipa.5.xml:387 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:380 +#: sssd-ipa.5.xml:394 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:383 +#: sssd-ipa.5.xml:397 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:392 +#: sssd-ipa.5.xml:406 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:399 +#: sssd-ipa.5.xml:413 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:402 +#: sssd-ipa.5.xml:416 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:411 +#: sssd-ipa.5.xml:425 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:435 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:425 +#: sssd-ipa.5.xml:439 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:433 sssd-ad.5.xml:989 +#: sssd-ipa.5.xml:447 sssd-ad.5.xml:989 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:436 sssd-ad.5.xml:992 +#: sssd-ipa.5.xml:450 sssd-ad.5.xml:992 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:440 sssd-ad.5.xml:996 +#: sssd-ipa.5.xml:454 sssd-ad.5.xml:996 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 sssd-ad.5.xml:1000 +#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1000 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:451 -msgid "ipa_hbac_refresh (integer)" +#: sssd-ipa.5.xml:465 +msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:454 +#: sssd-ipa.5.xml:468 msgid "" -"The amount of time between lookups of the HBAC rules against the IPA server. " -"This will reduce the latency and load on the IPA server if there are many " -"access-control requests made in a short period." +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server. This will reduce the latency and load on the IPA server if there " +"are many desktop profiles requests made in a short period." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:461 sssd-ipa.5.xml:477 sssd-ad.5.xml:408 +#: sssd-ipa.5.xml:475 sssd-ipa.5.xml:505 sssd-ipa.5.xml:521 sssd-ad.5.xml:408 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:467 +#: sssd-ipa.5.xml:481 +msgid "ipa_deskprofile_request_interval (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:484 +msgid "" +"The amount of time between lookups of the Desktop Profile rules against the " +"IPA server in case the last request did not return any rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:489 +#, fuzzy +#| msgid "Default: not set" +msgid "Default: 60 (minutes)" +msgstr "Oletus: ei asetettu" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:495 +msgid "ipa_hbac_refresh (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:498 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server. " +"This will reduce the latency and load on the IPA server if there are many " +"access-control requests made in a short period." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:511 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:470 +#: sssd-ipa.5.xml:514 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -8243,192 +8529,192 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:483 +#: sssd-ipa.5.xml:527 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:486 +#: sssd-ipa.5.xml:530 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:535 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:502 +#: sssd-ipa.5.xml:546 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:505 +#: sssd-ipa.5.xml:549 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:508 +#: sssd-ipa.5.xml:552 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:516 +#: sssd-ipa.5.xml:560 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:525 +#: sssd-ipa.5.xml:569 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:528 +#: sssd-ipa.5.xml:572 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:531 +#: sssd-ipa.5.xml:575 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:537 +#: sssd-ipa.5.xml:581 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:540 +#: sssd-ipa.5.xml:584 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:550 +#: sssd-ipa.5.xml:594 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:553 +#: sssd-ipa.5.xml:597 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:556 +#: sssd-ipa.5.xml:600 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:606 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:565 +#: sssd-ipa.5.xml:609 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 +#: sssd-ipa.5.xml:613 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:619 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:622 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:627 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:586 +#: sssd-ipa.5.xml:630 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:633 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:636 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:595 +#: sssd-ipa.5.xml:639 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:598 +#: sssd-ipa.5.xml:642 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:601 +#: sssd-ipa.5.xml:645 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:604 +#: sssd-ipa.5.xml:648 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:609 +#: sssd-ipa.5.xml:653 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:615 +#: sssd-ipa.5.xml:659 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:618 +#: sssd-ipa.5.xml:662 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:623 +#: sssd-ipa.5.xml:667 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:626 +#: sssd-ipa.5.xml:670 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:673 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:678 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:518 +#: sssd-ipa.5.xml:562 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -8438,19 +8724,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:646 +#: sssd-ipa.5.xml:690 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:692 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:652 +#: sssd-ipa.5.xml:696 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -8458,7 +8744,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:658 +#: sssd-ipa.5.xml:702 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -8470,7 +8756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:675 +#: sssd-ipa.5.xml:719 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -8478,7 +8764,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:682 +#: sssd-ipa.5.xml:726 #, no-wrap msgid "" "[domain/example.com]\n" @@ -8632,16 +8918,11 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> #: sssd-ad.5.xml:140 -#, fuzzy, no-wrap -#| msgid "" -#| "subdomain_inherit = ldap_purge_cache_timeout\n" -#| " " +#, no-wrap msgid "" "ad_enabled_domains = sales.example.com, eng.example.com\n" " " msgstr "" -"subdomain_inherit = ldap_purge_cache_timeout\n" -" " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:136 @@ -9359,10 +9640,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ad.5.xml:819 -#, fuzzy -#| msgid "Default: false" msgid "Default: 30 days" -msgstr "Oletus:epätosi" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ad.5.xml:825 @@ -9373,10 +9652,10 @@ msgstr "" #: sssd-ad.5.xml:828 msgid "" "This option should only be used to test the machine account renewal task. " -"The option expect 2 integers seperated by a colon (':'). The first integer " +"The option expects 2 integers separated by a colon (':'). The first integer " "defines the interval in seconds how often the task is run. The second " -"specifies the inital timeout in seconds before the task is run for the first " -"time after startup." +"specifies the initial timeout in seconds before the task is run for the " +"first time after startup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -9480,8 +9759,8 @@ msgid "" "are included in the default Active Directory schema." msgstr "" -#. type: Content of: <reference><refentry><refnamediv><refname> -#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 +#. type: Content of: <reference><refentry><refmeta><refentrytitle> +#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10 msgid "sssd-sudo" msgstr "" @@ -9804,12 +10083,12 @@ msgid "Run in the foreground, don't become a daemon." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.8.xml:117 sss_debuglevel.8.xml:42 +#: sssd.8.xml:117 msgid "<option>-c</option>,<option>--config</option>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.8.xml:121 sss_debuglevel.8.xml:46 +#: sssd.8.xml:121 msgid "" "Specify a non-default config file. The default is <filename>/etc/sssd/sssd." "conf</filename>. For reference on the config file syntax and options, " @@ -10235,10 +10514,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: sss_override.8.xml:261 sssctl.8.xml:50 -#, fuzzy -#| msgid "OPTIONS" msgid "COMMON OPTIONS" -msgstr "VALINNAT" +msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_override.8.xml:263 sssctl.8.xml:52 @@ -11481,7 +11758,7 @@ msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: sss_debuglevel.8.xml:16 -msgid "change debug level while SSSD is running" +msgid "[DEPRECATED] change debug level while SSSD is running" msgstr "" #. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis> @@ -11495,14 +11772,9 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_debuglevel.8.xml:32 msgid "" -"<command>sss_debuglevel</command> changes debug level of SSSD monitor and " -"providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is " -"running." -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sss_debuglevel.8.xml:59 -msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>" +"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl " +"debug-level command. Please refer to the <command>sssctl</command> man page " +"for more information on sssctl usage." msgstr "" #. type: Content of: <reference><refentry><refnamediv><refname> @@ -11899,7 +12171,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><title> -#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:182 include/seealso.xml:2 +#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2 msgid "SEE ALSO" msgstr "" @@ -12072,7 +12344,7 @@ msgstr "" #. type: Content of: <reference><refentry><refnamediv><refpurpose> #: idmap_sss.8.xml:16 -msgid "SSSSD's idmap_sss Backend for Winbind" +msgid "SSSD's idmap_sss Backend for Winbind" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> @@ -12084,10 +12356,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><title> #: idmap_sss.8.xml:29 -#, fuzzy -#| msgid "OPTIONS" msgid "IDMAP OPTIONS" -msgstr "VALINNAT" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> #: idmap_sss.8.xml:33 @@ -12101,11 +12371,6 @@ msgid "" "authoritative." msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> -#: idmap_sss.8.xml:43 -msgid "EXAMPLES" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para> #: idmap_sss.8.xml:45 msgid "" @@ -12271,20 +12536,53 @@ msgid "" "nested." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:69 +msgid "secrets" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:70 +msgid "secrets for general usage" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:73 +msgid "kcm" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:75 +msgid "" +"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-secrets.5.xml:61 +msgid "" +"Since the secrets responder can be used both externally to store general " +"secrets, as described in the rest of this man page, but also internally by " +"other SSSD components to store their secret material, some configuration " +"options, like quotas can be configured per <quote>hive</quote> in a " +"configuration subsection named after the hive. The currently supported hives " +"are: <placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-secrets.5.xml:63 +#: sssd-secrets.5.xml:89 msgid "USING THE SECRETS RESPONDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:65 +#: sssd-secrets.5.xml:91 msgid "" "The UNIX socket the SSSD responder listens on is located at <filename>/var/" "run/secrets.socket</filename>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-secrets.5.xml:84 sssd-kcm.8.xml:132 +#: sssd-secrets.5.xml:110 #, no-wrap msgid "" "systemctl start sssd-secrets.socket\n" @@ -12294,7 +12592,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:69 +#: sssd-secrets.5.xml:95 msgid "" "The secrets responder is socket-activated by <citerefentry> " "<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </" @@ -12309,7 +12607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:96 +#: sssd-secrets.5.xml:122 msgid "" "The generic SSSD responder options such as <quote>debug_level</quote> or " "<quote>fd_limit</quote> are accepted by the secrets responder. Please refer " @@ -12318,18 +12616,27 @@ msgid "" "there are some secrets-specific options as well." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-secrets.5.xml:132 +msgid "" +"The secrets responder is configured with a global <quote>[secrets]</quote> " +"section and an optional per-user <quote>[secrets/users/$uid]</quote> section " +"in <filename>sssd.conf</filename>. Please note that some options, notably as " +"the provider type, can only be specified in the per-user subsections." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:107 +#: sssd-secrets.5.xml:141 msgid "provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:120 +#: sssd-secrets.5.xml:157 msgid "local" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:123 +#: sssd-secrets.5.xml:160 msgid "" "The secrets are stored in a local database, encrypted at rest with a master " "key. The local provider does not have any additional config options at the " @@ -12337,153 +12644,192 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:131 +#: sssd-secrets.5.xml:168 msgid "proxy" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:134 +#: sssd-secrets.5.xml:171 msgid "" "The secrets responder forwards the requests to a Custodia server. The proxy " "provider supports several additional options (see below)." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:110 +#: sssd-secrets.5.xml:144 msgid "" "This option specifies where should the secrets be stored. The secrets " -"responder can configure a per-user subsections that define which provider " -"store the secrets for this particular user. The per-user subsections should " -"contain all options for that user's provider. If a per-user section does not " -"exist, the global settings from the secret responder's section are used. " -"The following providers are supported: <placeholder type=\"variablelist\" id=" -"\"0\"/>" +"responder can configure a per-user subsections (e.g. <quote>[secrets/" +"users/123]</quote> - see bottom of this manual page for a full example using " +"Custodia for a particular user) that define which provider store the secrets " +"for this particular user. The per-user subsections should contain all " +"options for that user's provider. Please note that currently the global " +"provider is always local, the proxy provider can only be specified in a per-" +"user section. The following providers are supported: <placeholder type=" +"\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:143 -#, fuzzy -#| msgid "Default: false" +#: sssd-secrets.5.xml:180 msgid "Default: local" -msgstr "Oletus:epätosi" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-secrets.5.xml:186 +msgid "" +"The following options affect only the secrets <quote>hive</quote> and " +"therefore should be set in a per-hive subsection. Setting the option to 0 " +"means \"unlimited\"." +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:148 -#, fuzzy -#| msgid "debug_level (integer)" +#: sssd-secrets.5.xml:192 msgid "containers_nest_level (integer)" -msgstr "debug_level (integer)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:151 +#: sssd-secrets.5.xml:195 msgid "This option specifies the maximum allowed number of nested containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:155 -#, fuzzy -#| msgid "Default: true" +#: sssd-secrets.5.xml:199 msgid "Default: 4" -msgstr "Oletus:tosi" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:160 +#: sssd-secrets.5.xml:204 +msgid "max_secrets (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:207 +msgid "" +"This option specifies the maximum number of secrets that can be stored in " +"the hive." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-secrets.5.xml:211 +msgid "Default: 1024 (secrets hive), 256 (kcm hive)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-secrets.5.xml:216 #, fuzzy #| msgid "debug_level (integer)" -msgid "max_secrets (integer)" +msgid "max_uid_secrets (integer)" msgstr "debug_level (integer)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:163 -msgid "This option specifies the maximum number of secrets that can be stored." +#: sssd-secrets.5.xml:219 +msgid "" +"This option specifies the maximum number of secrets that can be stored per-" +"UID in the hive." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:167 -#, fuzzy -#| msgid "Default: true" -msgid "Default: 1024" -msgstr "Oletus:tosi" +#: sssd-secrets.5.xml:223 +msgid "Default: 256 (secrets hive), 64 (kcm hive)" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:172 +#: sssd-secrets.5.xml:228 msgid "max_payload_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:175 +#: sssd-secrets.5.xml:231 msgid "" "This option specifies the maximum payload size allowed for a secret payload " "in kilobytes." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:179 -#, fuzzy -#| msgid "Default: true" -msgid "Default: 16" -msgstr "Oletus:tosi" +#: sssd-secrets.5.xml:235 +msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-secrets.5.xml:244 +#, no-wrap +msgid "" +"[secrets/secrets]\n" +"max_payload_size = 128\n" +"\n" +"[secrets/kcm]\n" +"max_payload_size = 256\n" +" " +msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:185 +#: sssd-secrets.5.xml:241 +msgid "" +"For example, to adjust quotas differently for both the <quote>secrets</" +"quote> and the <quote>kcm</quote> hives, configure the following: " +"<placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-secrets.5.xml:252 msgid "" "The following options are only applicable for configurations that use the " "<quote>proxy</quote> provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:190 +#: sssd-secrets.5.xml:257 msgid "proxy_url (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:193 +#: sssd-secrets.5.xml:260 msgid "" "The URL the Custodia server is listening on. At the moment, http and https " "protocols are supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:200 +#: sssd-secrets.5.xml:267 msgid "http[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:203 +#: sssd-secrets.5.xml:270 msgid "Example: http://localhost:8080" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:208 +#: sssd-secrets.5.xml:275 msgid "auth_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:211 +#: sssd-secrets.5.xml:278 msgid "" "The method to use when authenticating to a Custodia server. The following " "authentication methods are supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:216 +#: sssd-secrets.5.xml:283 msgid "basic_auth" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:219 +#: sssd-secrets.5.xml:286 msgid "" "Authenticate with a username and a password as set in the <quote>username</" "quote> and <quote>password</quote> options." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:226 +#: sssd-secrets.5.xml:293 msgid "header" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:229 +#: sssd-secrets.5.xml:296 msgid "" "Authenticate with HTTP header value as defined in the " "<quote>auth_header_name</quote> and <quote>auth_header_value</quote> " @@ -12491,12 +12837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:240 +#: sssd-secrets.5.xml:307 msgid "auth_header_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:243 +#: sssd-secrets.5.xml:310 msgid "" "If set, the secrets responder would put a header with this name into the " "HTTP request with the value defined in the <quote>auth_header_value</quote> " @@ -12504,81 +12850,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:248 +#: sssd-secrets.5.xml:315 msgid "Example: MYSECRETNAME" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:253 +#: sssd-secrets.5.xml:320 msgid "auth_header_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:256 +#: sssd-secrets.5.xml:323 msgid "" "The value sssd-secrets would use for the <quote>auth_header_name</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:260 +#: sssd-secrets.5.xml:327 msgid "Example: mysecret" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:265 +#: sssd-secrets.5.xml:332 msgid "forward_headers (list of strings)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:268 +#: sssd-secrets.5.xml:335 msgid "" "The list of HTTP headers to forward to the Custodia server together with the " "request." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:277 +#: sssd-secrets.5.xml:344 msgid "verify_peer (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:280 +#: sssd-secrets.5.xml:347 msgid "" "Whether peer's certificate should be verified and valid if HTTPS protocol is " "used with the proxy provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:289 +#: sssd-secrets.5.xml:356 msgid "verify_host (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:292 +#: sssd-secrets.5.xml:359 msgid "" "Whether peer's hostname must match with hostname in its certificate if HTTPS " "protocol is used with the proxy provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:302 +#: sssd-secrets.5.xml:369 msgid "capath (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:305 +#: sssd-secrets.5.xml:372 msgid "" "Path to directory containing stored certificate authority certificates. " "System default path is used if this option is not set." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:315 +#: sssd-secrets.5.xml:382 msgid "cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:318 +#: sssd-secrets.5.xml:385 msgid "" "Path to file containing server's certificate authority certificate. If this " "option is not set then the CA's certificate is looked up in <quote>capath</" @@ -12586,12 +12932,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:328 +#: sssd-secrets.5.xml:395 msgid "cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:331 +#: sssd-secrets.5.xml:398 msgid "" "Path to file containing client's certificate if required by the server. This " "file may also contain private key or the private key may be in separate file " @@ -12599,22 +12945,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:342 +#: sssd-secrets.5.xml:409 msgid "key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:345 +#: sssd-secrets.5.xml:412 msgid "Path to file containing client's private key." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-secrets.5.xml:355 +#: sssd-secrets.5.xml:422 msgid "USING THE REST API" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:357 +#: sssd-secrets.5.xml:424 msgid "" "This section lists the available commands and includes examples using the " "<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> " @@ -12629,19 +12975,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:374 +#: sssd-secrets.5.xml:441 msgid "Listing secrets" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:377 +#: sssd-secrets.5.xml:444 msgid "" "To list the available secrets, send a HTTP GET request with a trailing slash " "appended to the container path." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:383 +#: sssd-secrets.5.xml:450 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -12651,19 +12997,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:391 +#: sssd-secrets.5.xml:458 msgid "Retrieving a secret" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:394 +#: sssd-secrets.5.xml:461 msgid "" "To read a value of a single secret, send a HTTP GET request without a " "trailing slash. The last portion of the URI is the name of the secret." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:401 +#: sssd-secrets.5.xml:468 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -12673,7 +13019,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:406 +#: sssd-secrets.5.xml:473 #, no-wrap msgid "" "curl -H \"Content-Type: application/octet-stream\" \\\n" @@ -12683,21 +13029,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:399 -#, fuzzy -#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +#: sssd-secrets.5.xml:466 msgid "" "Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type=" "\"programlisting\" id=\"1\"/>" -msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:414 +#: sssd-secrets.5.xml:481 msgid "Setting a secret" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:417 +#: sssd-secrets.5.xml:484 msgid "" "To set a secret using the <quote>application/json</quote> type, send a HTTP " "PUT request with a JSON payload that includes type and value. The type " @@ -12706,14 +13050,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:425 +#: sssd-secrets.5.xml:492 msgid "" "The <quote>application/json</quote> type just sends the secret as the " "message payload." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:434 +#: sssd-secrets.5.xml:501 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -12724,7 +13068,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:440 +#: sssd-secrets.5.xml:507 #, no-wrap msgid "" "curl -H \"Content-Type: application/octet-stream\" \\\n" @@ -12735,7 +13079,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:429 +#: sssd-secrets.5.xml:496 msgid "" "The following example sets a secret named 'foo' to a value of 'foosecret' " "and a secret named 'bar' to a value of 'barsecret' using a different Content " @@ -12744,12 +13088,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:449 +#: sssd-secrets.5.xml:516 msgid "Creating a container" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:452 +#: sssd-secrets.5.xml:519 msgid "" "Containers provide an additional namespace for this user's secrets. To " "create a container, send a HTTP POST request, whose URI ends with the " @@ -12757,7 +13101,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:462 +#: sssd-secrets.5.xml:529 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -12767,16 +13111,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:459 -#, fuzzy -#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +#: sssd-secrets.5.xml:526 msgid "" "The following example creates a container named 'mycontainer': <placeholder " "type=\"programlisting\" id=\"0\"/>" -msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:471 +#: sssd-secrets.5.xml:538 #, no-wrap msgid "" "http://localhost/secrets/mycontainer/mysecret\n" @@ -12784,26 +13126,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:468 +#: sssd-secrets.5.xml:535 msgid "" "To manipulate secrets under this container, just nest the secrets underneath " "the container path: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-secrets.5.xml:477 +#: sssd-secrets.5.xml:544 msgid "Deleting a secret or a container" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:480 +#: sssd-secrets.5.xml:547 msgid "" "To delete a secret or a container, send a HTTP DELETE request with a path to " "the secret or the container." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-secrets.5.xml:486 +#: sssd-secrets.5.xml:553 #, no-wrap msgid "" "curl -H \"Content-Type: application/json\" \\\n" @@ -12813,21 +13155,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-secrets.5.xml:484 -#, fuzzy -#| msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" +#: sssd-secrets.5.xml:551 msgid "" "The following example deletes a secret named 'foo'. <placeholder type=" "\"programlisting\" id=\"0\"/>" -msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-secrets.5.xml:496 +#: sssd-secrets.5.xml:563 msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:498 +#: sssd-secrets.5.xml:565 msgid "" "For testing the proxy provider, you need to set up a Custodia server to " "proxy requests to. Please always consult the Custodia documentation, the " @@ -12835,7 +13175,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-secrets.5.xml:509 +#: sssd-secrets.5.xml:576 #, no-wrap msgid "" "[global]\n" @@ -12865,7 +13205,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:503 +#: sssd-secrets.5.xml:570 msgid "" "This configuration will set up a Custodia server listening on http://" "localhost:8080, allowing anyone with header named MYSECRETNAME set to " @@ -12875,14 +13215,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:535 +#: sssd-secrets.5.xml:602 msgid "" "Then run the <replaceable>custodia</replaceable> command, pointing it at the " "config file as a command line argument." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-secrets.5.xml:539 +#: sssd-secrets.5.xml:606 msgid "" "Please note that currently it's not possible to proxy all requests globally " "to a Custodia instance. Instead, per-user subsections for user IDs that " @@ -12893,7 +13233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><programlisting> -#: sssd-secrets.5.xml:547 +#: sssd-secrets.5.xml:614 #, no-wrap msgid "" "[secrets]\n" @@ -12907,6 +13247,71 @@ msgid "" " " msgstr "" +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-session-recording.5.xml:16 +msgid "sssd-session-recording" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-session-recording.5.xml:17 +msgid "Configuring session recording with SSSD" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:23 +msgid "" +"This manual page describes how to configure <citerefentry> " +"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> " +"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to " +"implement user session recording on text terminals. For a detailed " +"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> " +"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> manual page." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:41 +msgid "" +"SSSD can be set up to enable recording of everything specific users see or " +"type during their sessions on text terminals. E.g. when users log in on the " +"console, or via SSH. SSSD itself doesn't record anything, but makes sure " +"tlog-rec-session is started upon user login, so it can record according to " +"its configuration." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:48 +msgid "" +"For users with session recording enabled, SSSD replaces the user shell with " +"tlog-rec-session in NSS responses, and adds a variable specifying the " +"original shell to the user environment, upon PAM session setup. This way " +"tlog-rec-session can be started in place of the user shell, and know which " +"actual shell to start, once it set up the recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:60 +msgid "These options can be used to configure the session recording." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-session-recording.5.xml:146 +msgid "" +"The following snippet of sssd.conf enables session recording for users " +"\"contractor1\" and \"contractor2\", and group \"students\"." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-session-recording.5.xml:151 +#, no-wrap +msgid "" +"[session_recording]\n" +"scope = some\n" +"users = contractor1, contractor2\n" +"groups = students\n" +msgstr "" + #. type: Content of: <reference><refentry><refnamediv><refname> #: sssd-kcm.8.xml:10 sssd-kcm.8.xml:16 msgid "sssd-kcm" @@ -13024,7 +13429,6 @@ msgstr "" msgid "" "systemctl start sssd-kcm.socket\n" "systemctl enable sssd-kcm.socket\n" -"systemctl enable sssd-kcm.service\n" " " msgstr "" @@ -13041,12 +13445,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-kcm.8.xml:123 +#: sssd-kcm.8.xml:122 msgid "THE CREDENTIAL CACHE STORAGE" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><programlisting> +#: sssd-kcm.8.xml:131 +#, no-wrap +msgid "" +"systemctl start sssd-secrets.socket\n" +"systemctl enable sssd-secrets.socket\n" +" " +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-kcm.8.xml:125 +#: sssd-kcm.8.xml:124 msgid "" "The credential caches are stored in the SSSD secrets service (see " "<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</" @@ -13057,7 +13470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-kcm.8.xml:143 +#: sssd-kcm.8.xml:141 msgid "" "The KCM service is configured in the <quote>kcm</quote> section of the sssd." "conf file. Please note that currently, is it not sufficient to restart the " @@ -13070,7 +13483,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-kcm.8.xml:157 +#: sssd-kcm.8.xml:155 msgid "" "The generic SSSD service options such as <quote>debug_level</quote> or " "<quote>fd_limit</quote> are accepted by the kcm service. Please refer to " @@ -13080,28 +13493,410 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-kcm.8.xml:168 +#: sssd-kcm.8.xml:166 msgid "socket_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-kcm.8.xml:171 +#: sssd-kcm.8.xml:169 msgid "The socket the KCM service will listen on." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd-kcm.8.xml:174 +#: sssd-kcm.8.xml:172 msgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-kcm.8.xml:184 +#: sssd-kcm.8.xml:182 msgid "" "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </" "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>," msgstr "" +#. type: Content of: <reference><refentry><refnamediv><refname> +#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16 +msgid "sssd-systemtap" +msgstr "" + +#. type: Content of: <reference><refentry><refnamediv><refpurpose> +#: sssd-systemtap.5.xml:17 +msgid "SSSD systemtap information" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:23 +msgid "" +"This manual page provides information about the systemtap functionality in " +"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> " +"</citerefentry>." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-systemtap.5.xml:32 +msgid "" +"SystemTap Probe points have been added into various locations in SSSD code " +"to assist in troubleshooting and analyzing performance related issues." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:40 +msgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> +#: sssd-systemtap.5.xml:46 +msgid "" +"Probes and miscellaneous functions are defined in /usr/share/systemtap/" +"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp " +"respectively." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-systemtap.5.xml:57 +msgid "PROBE POINTS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341 +msgid "" +"The information below lists the probe points and arguments available in the " +"following format:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:64 +#, fuzzy +#| msgid "user name" +msgid "probe $name" +msgstr "käyttäjänimi" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:67 +msgid "Description of probe point" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:70 +#, no-wrap +msgid "" +"variable1:datatype\n" +"variable2:datatype\n" +"variable3:datatype\n" +"...\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:80 +msgid "Database Transaction Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:84 +msgid "probe sssd_transaction_start" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:87 +msgid "" +"Start of a sysdb transaction, probes the sysdb_transaction_start() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118 +#: sssd-systemtap.5.xml:131 +#, no-wrap +msgid "" +"nesting:integer\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:97 +msgid "probe sssd_transaction_cancel" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:100 +msgid "" +"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() " +"function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:111 +msgid "probe sssd_transaction_commit_before" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:114 +msgid "Probes the sysdb_transaction_commit_before() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:124 +msgid "probe sssd_transaction_commit_after" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:127 +msgid "Probes the sysdb_transaction_commit_after() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:141 +msgid "LDAP Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:145 +msgid "probe sdap_search_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:148 +msgid "Probes the sdap_get_generic_ext_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196 +#, no-wrap +msgid "" +"base:string\n" +"scope:integer\n" +"filter:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:160 +msgid "probe sdap_search_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:163 +msgid "Probes the sdap_get_generic_ext_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:175 +msgid "probe sdap_deref_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:178 +msgid "Probes the sdap_deref_search_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:182 +#, no-wrap +msgid "" +"base_dn:string\n" +"deref_attr:string\n" +"probestr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:189 +msgid "probe sdap_deref_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:192 +msgid "Probes the sdap_deref_search_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:208 +msgid "LDAP Account Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:212 +msgid "probe sdap_acct_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:215 +msgid "Probes the sdap_acct_req_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234 +#, no-wrap +msgid "" +"entry_type:int\n" +"filter_type:int\n" +"filter_value:string\n" +"extra_value:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:227 +msgid "probe sdap_acct_req_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:230 +msgid "Probes the sdap_acct_req_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:246 +msgid "LDAP User Search Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:250 +msgid "probe sdap_search_user_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:253 +msgid "Probes the sdap_search_user_send() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281 +#: sssd-systemtap.5.xml:293 +#, no-wrap +msgid "" +"filter:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:262 +msgid "probe sdap_search_user_recv" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:265 +msgid "Probes the sdap_search_user_recv() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:274 +msgid "probe sdap_search_user_save_begin" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:277 +msgid "Probes the sdap_search_user_save_begin() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:286 +msgid "probe sdap_search_user_save_end" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:289 +msgid "Probes the sdap_search_user_save_end() function." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:302 +msgid "Data Provider Request Probes" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:306 +msgid "probe dp_req_send" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:309 +msgid "A Data Provider request is submitted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:312 +#, no-wrap +msgid "" +"dp_req_domain:string\n" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:320 +msgid "probe dp_req_done" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:323 +msgid "A Data Provider request is completed." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting> +#: sssd-systemtap.5.xml:326 +#, no-wrap +msgid "" +"dp_req_name:string\n" +"dp_req_target:int\n" +"dp_req_method:int\n" +"dp_ret:int\n" +"dp_errorstr:string\n" +" " +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd-systemtap.5.xml:339 +msgid "MISCELLANEOUS FUNCTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:346 +msgid "function acct_req_desc(entry_type)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:349 +msgid "Convert entry_type to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:354 +msgid "" +"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, " +"filter_value, extra_value)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:358 +msgid "Create probe string based on filter type" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:363 +msgid "function dp_target_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:366 +msgid "Convert target to string and return string" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd-systemtap.5.xml:371 +msgid "function dp_method_str(target)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd-systemtap.5.xml:374 +msgid "Convert method to string and return string" +msgstr "" + #. type: Content of: <refsect1><title> #: include/service_discovery.xml:2 msgid "SERVICE DISCOVERY" @@ -13251,6 +14046,69 @@ msgid "" "offline mode, and then attempts to reconnect every 30 seconds." msgstr "" +#. type: Content of: <refsect1><refsect2><title> +#: include/failover.xml:53 +msgid "Failover time outs and tuning" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:55 +msgid "" +"Resolving a server to connect to can be as simple as running a single DNS " +"query or can involve several steps, such as finding the correct site or " +"trying out multiple host names in case some of the configured servers are " +"not reachable. The more complex scenarios can take some time and SSSD needs " +"to balance between providing enough time to finish the resolution process " +"but on the other hand, not trying for too long before falling back to " +"offline mode. If the SSSD debug logs show that the server resolution is " +"timing out before a live server is contacted, you can consider changing the " +"time outs." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:76 +msgid "dns_resolver_op_timeout" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:80 +msgid "How long would SSSD talk to a single DNS server." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term> +#: include/failover.xml:86 +#, fuzzy +#| msgid "client_idle_timeout" +msgid "dns_resolver_timeout" +msgstr "client_idle_timeout" + +#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> +#: include/failover.xml:90 +msgid "" +"How long would SSSD try to resolve a failover service. This service " +"resolution internally might include several steps, such as resolving DNS SRV " +"queries or locating the site." +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:67 +msgid "" +"This section lists the available tunables. Please refer to their description " +"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" +"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" " +"id=\"0\"/>" +msgstr "" + +#. type: Content of: <refsect1><refsect2><para> +#: include/failover.xml:100 +msgid "" +"For LDAP-based providers, the resolve operation is performed as part of an " +"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></" +"quote> timeout should be set to a larger value than " +"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger " +"value than <quote>dns_resolver_op_timeout</quote>." +msgstr "" + #. type: Content of: <refsect1><title> #: include/ldap_id_mapping.xml:2 msgid "ID MAPPING" @@ -13830,34 +14688,37 @@ msgid "" "<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> " "<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </" -"citerefentry>, </phrase> <citerefentry> <refentrytitle>sss_cache</" -"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </" -"citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</" +"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-" +"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, " +"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> </" -"citerefentry>, <citerefentry> <refentrytitle>sss_groupshow</" +"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> </" -"citerefentry>, <citerefentry> <refentrytitle>sss_useradd</" +"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> </" -"citerefentry>, <citerefentry> <refentrytitle>sss_usermod</" +"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </" -"citerefentry>, <citerefentry> <refentrytitle>sss_seed</" +"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " -"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</" -"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> " -"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</" -"manvolnum> </citerefentry>, <citerefentry> " +"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </" +"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" +"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition=" +"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</" +"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> " "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</" "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> " "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</" "manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</" "refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> " "<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </" -"citerefentry>" +"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> " +"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> </phrase>" msgstr "" #. type: Content of: <listitem><para> @@ -14077,10 +14938,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> #: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58 -#, fuzzy -#| msgid "ldap_use_tokengroups" msgid "ldap_use_tokengroups = true" -msgstr "ldap_use_tokengroups" +msgstr "" #. type: Content of: <refsect1><para> #: include/ipa_modified_defaults.xml:4 @@ -14150,42 +15009,37 @@ msgstr "" msgid "ldap_user_auth_type = ipaUserAuthType" msgstr "" -#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:88 -msgid "ldap_user_certificate = userCertificate;binary" -msgstr "" - #. type: Content of: <refsect1><refsect2><title> -#: include/ipa_modified_defaults.xml:94 +#: include/ipa_modified_defaults.xml:89 msgid "LDAP Provider - Group options" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:98 +#: include/ipa_modified_defaults.xml:93 msgid "ldap_group_object_class = ipaUserGroup" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:103 +#: include/ipa_modified_defaults.xml:98 msgid "ldap_group_object_class_alt = posixGroup" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:108 +#: include/ipa_modified_defaults.xml:103 msgid "ldap_group_member = member" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:113 +#: include/ipa_modified_defaults.xml:108 msgid "ldap_group_uuid = ipaUniqueID" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:118 +#: include/ipa_modified_defaults.xml:113 msgid "ldap_group_objectsid = ipaNTSecurityIdentifier" msgstr "" #. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para> -#: include/ipa_modified_defaults.xml:123 +#: include/ipa_modified_defaults.xml:118 msgid "ldap_group_external_member = ipaExternalMember" msgstr "" -- cgit