diff options
-rw-r--r-- | src/man/po/cs.po | 708 | ||||
-rw-r--r-- | src/man/po/sssd-docs.pot | 699 | ||||
-rw-r--r-- | src/man/po/uk.po | 756 |
3 files changed, 1313 insertions, 850 deletions
diff --git a/src/man/po/cs.po b/src/man/po/cs.po index 6b2f76e7..70703401 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sss_daemon 1.2.3\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-01-17 08:11-0500\n" +"POT-Creation-Date: 2011-01-24 13:36-0500\n" "PO-Revision-Date: 2010-10-25 10:46+0300\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" @@ -118,9 +118,9 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:990 sssd-ldap.5.xml:1293 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389 #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:178 sssd.8.xml:166 sss_obfuscate.8.xml:104 +#: sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -241,7 +241,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:836 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:854 msgid "Section parameters" msgstr "" @@ -488,8 +488,8 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:932 -#: sssd-ldap.5.xml:1037 sssd-ipa.5.xml:142 +#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155 msgid "Default: true" msgstr "" @@ -712,7 +712,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:775 +#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793 msgid "Default: 5" msgstr "" @@ -788,21 +788,44 @@ msgid "" "information to avoid excessive round-trips to the identity provider." msgstr "" +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:467 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:470 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:473 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:479 +msgid "Default: 7" +msgstr "" + # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:470 +#: sssd.conf.5.xml:488 msgid "DOMAIN SECTIONS" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:477 +#: sssd.conf.5.xml:495 msgid "min_id,max_id (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:480 +#: sssd.conf.5.xml:498 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -810,7 +833,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:485 +#: sssd.conf.5.xml:503 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -820,19 +843,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:510 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:498 +#: sssd.conf.5.xml:516 msgid "timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:501 +#: sssd.conf.5.xml:519 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." @@ -840,19 +863,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:506 +#: sssd.conf.5.xml:524 msgid "Default: 10" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:512 +#: sssd.conf.5.xml:530 msgid "enumerate (bool)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:515 +#: sssd.conf.5.xml:533 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" @@ -860,25 +883,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 +#: sssd.conf.5.xml:537 msgid "TRUE = Users and groups are enumerated" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:522 +#: sssd.conf.5.xml:540 msgid "FALSE = No enumerations for this domain" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:525 sssd.conf.5.xml:573 sssd.conf.5.xml:627 +#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645 msgid "Default: FALSE" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:546 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -888,7 +911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:538 +#: sssd.conf.5.xml:556 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -896,7 +919,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:561 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -906,13 +929,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:554 +#: sssd.conf.5.xml:572 msgid "entry_cache_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:557 +#: sssd.conf.5.xml:575 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -920,31 +943,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:561 +#: sssd.conf.5.xml:579 msgid "Default: 5400" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:566 +#: sssd.conf.5.xml:584 msgid "cache_credentials (bool)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:569 +#: sssd.conf.5.xml:587 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:596 msgid "account_cache_expiration (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:599 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -954,55 +977,55 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:588 +#: sssd.conf.5.xml:606 msgid "Default: 0 (unlimited)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:594 +#: sssd.conf.5.xml:612 msgid "id_provider (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:597 +#: sssd.conf.5.xml:615 msgid "The Data Provider identity backend to use for this domain." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:619 msgid "Supported backends:" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:604 +#: sssd.conf.5.xml:622 msgid "proxy: Support a legacy NSS provider" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:607 +#: sssd.conf.5.xml:625 msgid "local: SSSD internal local provider" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:610 +#: sssd.conf.5.xml:628 msgid "ldap: LDAP provider" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:616 +#: sssd.conf.5.xml:634 msgid "use_fully_qualified_names (bool)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:619 +#: sssd.conf.5.xml:637 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1012,13 +1035,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:632 +#: sssd.conf.5.xml:650 msgid "auth_provider (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 +#: sssd.conf.5.xml:653 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -1026,7 +1049,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:639 +#: sssd.conf.5.xml:657 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1035,7 +1058,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:646 +#: sssd.conf.5.xml:664 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1044,20 +1067,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:653 +#: sssd.conf.5.xml:671 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:656 +#: sssd.conf.5.xml:674 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:659 +#: sssd.conf.5.xml:677 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -1065,13 +1088,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:665 +#: sssd.conf.5.xml:683 msgid "access_provider (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:668 +#: sssd.conf.5.xml:686 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1080,19 +1103,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:674 +#: sssd.conf.5.xml:692 msgid "<quote>permit</quote> always allow access." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:677 +#: sssd.conf.5.xml:695 msgid "<quote>deny</quote> always deny access." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:680 +#: sssd.conf.5.xml:698 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1102,19 +1125,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:687 +#: sssd.conf.5.xml:705 msgid "Default: <quote>permit</quote>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:692 +#: sssd.conf.5.xml:710 msgid "chpass_provider (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:713 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -1122,7 +1145,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 +#: sssd.conf.5.xml:718 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1131,7 +1154,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:708 +#: sssd.conf.5.xml:726 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1140,7 +1163,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:716 +#: sssd.conf.5.xml:734 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1149,20 +1172,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:724 +#: sssd.conf.5.xml:742 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:728 +#: sssd.conf.5.xml:746 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:731 +#: sssd.conf.5.xml:749 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -1170,13 +1193,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:738 +#: sssd.conf.5.xml:756 msgid "lookup_family_order (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:741 +#: sssd.conf.5.xml:759 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -1184,49 +1207,49 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:745 +#: sssd.conf.5.xml:763 msgid "Supported values:" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:748 +#: sssd.conf.5.xml:766 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:751 +#: sssd.conf.5.xml:769 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:754 +#: sssd.conf.5.xml:772 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:757 +#: sssd.conf.5.xml:775 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:760 +#: sssd.conf.5.xml:778 msgid "Default: ipv4_first" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:766 +#: sssd.conf.5.xml:784 msgid "dns_resolver_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:769 +#: sssd.conf.5.xml:787 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1235,13 +1258,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:781 +#: sssd.conf.5.xml:799 msgid "dns_discovery_domain (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:784 +#: sssd.conf.5.xml:802 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -1249,12 +1272,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:788 +#: sssd.conf.5.xml:806 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:472 +#: sssd.conf.5.xml:490 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1263,19 +1286,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:800 +#: sssd.conf.5.xml:818 msgid "proxy_pam_target (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:803 +#: sssd.conf.5.xml:821 msgid "The proxy target PAM proxies to." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:806 +#: sssd.conf.5.xml:824 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1283,13 +1306,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:814 +#: sssd.conf.5.xml:832 msgid "proxy_lib_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:817 +#: sssd.conf.5.xml:835 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1297,7 +1320,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:814 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1305,13 +1328,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><title> #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:829 +#: sssd.conf.5.xml:847 msgid "The local domain section" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><para> #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:831 +#: sssd.conf.5.xml:849 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1320,31 +1343,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:856 msgid "default_shell (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:859 msgid "The default shell for users created with SSSD userspace tools." msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:845 +#: sssd.conf.5.xml:863 msgid "Default: <filename>/bin/bash</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:850 +#: sssd.conf.5.xml:868 msgid "base_directory (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:871 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1352,18 +1375,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:858 +#: sssd.conf.5.xml:876 msgid "Default: <filename>/home</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:863 +#: sssd.conf.5.xml:881 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:866 +#: sssd.conf.5.xml:884 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1371,18 +1394,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 sssd.conf.5.xml:882 +#: sssd.conf.5.xml:888 sssd.conf.5.xml:900 msgid "Default: TRUE" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:875 +#: sssd.conf.5.xml:893 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:896 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1390,13 +1413,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:905 msgid "homedir_umask (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:908 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1405,19 +1428,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:898 +#: sssd.conf.5.xml:916 msgid "Default: 077" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:921 msgid "skel_dir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:906 +#: sssd.conf.5.xml:924 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1427,19 +1450,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:916 +#: sssd.conf.5.xml:934 msgid "Default: <filename>/etc/skel</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:939 msgid "mail_dir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:924 +#: sssd.conf.5.xml:942 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1448,19 +1471,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:931 +#: sssd.conf.5.xml:949 msgid "Default: <filename>/var/mail</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:954 msgid "userdel_cmd (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:957 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1469,20 +1492,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:963 msgid "Default: None, no command is run" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:955 sssd-ldap.5.xml:1261 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:160 sssd-krb5.5.xml:405 +#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405 msgid "EXAMPLE" msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:979 #, no-wrap msgid "" "[sssd]\n" @@ -1512,7 +1535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:957 +#: sssd.conf.5.xml:975 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1522,7 +1545,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1010 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1799,7 +1822,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:580 +#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622 msgid "Default: gidNumber" msgstr "" @@ -1871,7 +1894,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:606 sssd-ldap.5.xml:699 +#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741 msgid "Default: nsUniqueId" msgstr "" @@ -1883,7 +1906,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:615 sssd-ldap.5.xml:708 +#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." @@ -1891,7 +1914,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:619 sssd-ldap.5.xml:712 +#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754 msgid "Default: modifyTimestamp" msgstr "" @@ -2067,15 +2090,66 @@ msgstr "" msgid "Default: krbPasswordExpiration" msgstr "" -# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:439 +msgid "ldap_user_ad_account_expires (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:442 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:447 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:453 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:456 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:461 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:467 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:475 +msgid "Default: nsAccountLock" +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:481 msgid "ldap_user_principal (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:442 +#: sssd-ldap.5.xml:484 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." @@ -2083,19 +2157,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:446 +#: sssd-ldap.5.xml:488 msgid "Default: krbPrincipalName" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:452 +#: sssd-ldap.5.xml:494 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:455 +#: sssd-ldap.5.xml:497 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2105,20 +2179,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 sssd-ldap.5.xml:878 sssd-ipa.5.xml:115 sssd.8.xml:64 +#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64 #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266 msgid "Default: false" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:468 +#: sssd-ldap.5.xml:510 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:471 +#: sssd-ldap.5.xml:513 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." @@ -2126,19 +2200,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:476 +#: sssd-ldap.5.xml:518 msgid "Default: 300" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:524 msgid "ldap_purge_cache_timeout" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:485 +#: sssd-ldap.5.xml:527 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2147,59 +2221,59 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:491 +#: sssd-ldap.5.xml:533 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:495 +#: sssd-ldap.5.xml:537 msgid "Default: 10800 (12 hours)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:501 +#: sssd-ldap.5.xml:543 msgid "ldap_user_fullname (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:504 +#: sssd-ldap.5.xml:546 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:508 sssd-ldap.5.xml:567 sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702 msgid "Default: cn" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:514 +#: sssd-ldap.5.xml:556 msgid "ldap_user_member_of (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:517 +#: sssd-ldap.5.xml:559 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:521 +#: sssd-ldap.5.xml:563 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:527 +#: sssd-ldap.5.xml:569 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:530 +#: sssd-ldap.5.xml:572 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2207,104 +2281,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:537 +#: sssd-ldap.5.xml:579 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:542 +#: sssd-ldap.5.xml:584 msgid "Default: authorizedService" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:548 +#: sssd-ldap.5.xml:590 msgid "ldap_group_object_class (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:551 +#: sssd-ldap.5.xml:593 msgid "The object class of a group entry in LDAP." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:596 msgid "Default: posixGroup" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:560 +#: sssd-ldap.5.xml:602 msgid "ldap_group_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:563 +#: sssd-ldap.5.xml:605 msgid "The LDAP attribute that corresponds to the group name." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:573 +#: sssd-ldap.5.xml:615 msgid "ldap_group_gid_number (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:576 +#: sssd-ldap.5.xml:618 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:586 +#: sssd-ldap.5.xml:628 msgid "ldap_group_member (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:589 +#: sssd-ldap.5.xml:631 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:635 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:599 +#: sssd-ldap.5.xml:641 msgid "ldap_group_uuid (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:654 msgid "ldap_group_modify_timestamp (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:667 msgid "ldap_group_nesting_level (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:628 +#: sssd-ldap.5.xml:670 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2313,104 +2387,104 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:635 +#: sssd-ldap.5.xml:677 msgid "Default: 2" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:641 +#: sssd-ldap.5.xml:683 msgid "ldap_netgroup_object_class (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:686 msgid "The object class of a netgroup entry in LDAP." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:689 msgid "Default: nisNetgroup" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:695 msgid "ldap_netgroup_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:656 +#: sssd-ldap.5.xml:698 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:666 +#: sssd-ldap.5.xml:708 msgid "ldap_netgroup_member (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:669 +#: sssd-ldap.5.xml:711 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:673 +#: sssd-ldap.5.xml:715 msgid "Default: memberNisNetgroup" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:679 +#: sssd-ldap.5.xml:721 msgid "ldap_netgroup_triple (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:682 +#: sssd-ldap.5.xml:724 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:686 +#: sssd-ldap.5.xml:728 msgid "Default: nisNetgroupTriple" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:734 msgid "ldap_netgroup_uuid (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:695 +#: sssd-ldap.5.xml:737 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:705 +#: sssd-ldap.5.xml:747 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:718 +#: sssd-ldap.5.xml:760 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:721 +#: sssd-ldap.5.xml:763 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2418,7 +2492,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:727 +#: sssd-ldap.5.xml:769 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2427,17 +2501,17 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 sssd-ldap.5.xml:775 sssd-ldap.5.xml:790 +#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:781 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:742 +#: sssd-ldap.5.xml:784 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2446,19 +2520,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:791 msgid "Default: 60" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:755 +#: sssd-ldap.5.xml:797 msgid "ldap_network_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:800 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2470,13 +2544,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:823 msgid "ldap_opt_timeout (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:784 +#: sssd-ldap.5.xml:826 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2485,13 +2559,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:796 +#: sssd-ldap.5.xml:838 msgid "ldap_tls_reqcert (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:799 +#: sssd-ldap.5.xml:841 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -2499,7 +2573,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:805 +#: sssd-ldap.5.xml:847 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -2507,7 +2581,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:809 +#: sssd-ldap.5.xml:851 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2516,7 +2590,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:858 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2525,7 +2599,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:822 +#: sssd-ldap.5.xml:864 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2534,25 +2608,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:870 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:874 msgid "Default: hard" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:838 +#: sssd-ldap.5.xml:880 msgid "ldap_tls_cacert (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:883 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -2560,7 +2634,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:846 sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -2568,13 +2642,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:853 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cacertdir (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:856 +#: sssd-ldap.5.xml:898 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2582,15 +2656,53 @@ msgid "" "<command>cacertdir_rehash</command> can be used to create the correct names." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:913 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:916 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:926 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:929 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon sperated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:954 msgid "ldap_id_use_start_tls (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:957 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." @@ -2598,13 +2710,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:967 msgid "ldap_sasl_mech (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:887 +#: sssd-ldap.5.xml:970 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." @@ -2612,19 +2724,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102 msgid "Default: none" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:980 msgid "ldap_sasl_authid (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:900 +#: sssd-ldap.5.xml:983 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." @@ -2632,37 +2744,37 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:988 msgid "Default: host/machine.fqdn@REALM" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:994 msgid "ldap_krb5_keytab (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:997 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:917 +#: sssd-ldap.5.xml:1000 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:1006 msgid "ldap_krb5_init_creds (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:1009 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2671,31 +2783,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1021 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:941 +#: sssd-ldap.5.xml:1024 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:1028 msgid "Default: 86400 (24 hours)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:951 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77 msgid "" "Specifies the list of IP addresses or hostnames of the Kerberos servers to " "which SSSD should connect in the order of preference. For more information " @@ -2706,7 +2818,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2715,7 +2827,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2724,31 +2836,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:980 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:983 +#: sssd-ldap.5.xml:1066 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:1069 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:992 +#: sssd-ldap.5.xml:1075 msgid "ldap_pwd_policy (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:995 +#: sssd-ldap.5.xml:1078 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -2756,7 +2868,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1083 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -2764,7 +2876,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1005 +#: sssd-ldap.5.xml:1088 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2774,7 +2886,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1096 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2783,19 +2895,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1025 +#: sssd-ldap.5.xml:1108 msgid "ldap_referrals (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1028 +#: sssd-ldap.5.xml:1111 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1115 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -2803,48 +2915,48 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1043 +#: sssd-ldap.5.xml:1126 msgid "ldap_dns_service_name (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1129 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1050 +#: sssd-ldap.5.xml:1133 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1056 +#: sssd-ldap.5.xml:1139 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1064 +#: sssd-ldap.5.xml:1147 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1070 +#: sssd-ldap.5.xml:1153 msgid "ldap_access_filter (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1156 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -2855,13 +2967,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 +#: sssd-ldap.5.xml:1166 msgid "Example:" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1086 +#: sssd-ldap.5.xml:1169 #, no-wrap msgid "" "access_provider = ldap\n" @@ -2871,7 +2983,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1173 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." @@ -2879,7 +2991,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1178 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -2889,24 +3001,24 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1103 sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1109 +#: sssd-ldap.5.xml:1192 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1112 +#: sssd-ldap.5.xml:1195 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1199 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -2914,51 +3026,68 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 +#: sssd-ldap.5.xml:1206 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1126 +#: sssd-ldap.5.xml:1209 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1214 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1221 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1233 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1236 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1144 +#: sssd-ldap.5.xml:1240 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1147 +#: sssd-ldap.5.xml:1243 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1247 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1252 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1159 +#: sssd-ldap.5.xml:1255 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -2966,13 +3095,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1166 +#: sssd-ldap.5.xml:1262 msgid "ldap_deref (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1265 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -2980,13 +3109,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1174 +#: sssd-ldap.5.xml:1270 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1274 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -2994,7 +3123,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1279 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -3002,7 +3131,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1284 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -3010,7 +3139,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1289 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3028,55 +3157,55 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1205 +#: sssd-ldap.5.xml:1301 msgid "ADVANCED OPTIONS" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1212 +#: sssd-ldap.5.xml:1308 msgid "ldap_netgroup_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1311 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1247 +#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 +#: sssd-ldap.5.xml:1322 msgid "ldap_user_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1325 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1240 +#: sssd-ldap.5.xml:1336 msgid "ldap_group_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1243 +#: sssd-ldap.5.xml:1339 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1207 +#: sssd-ldap.5.xml:1303 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3085,7 +3214,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1359 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3094,7 +3223,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1269 +#: sssd-ldap.5.xml:1365 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3108,20 +3237,20 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1268 sssd-simple.5.xml:134 sssd-ipa.5.xml:168 +#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181 #: sssd-krb5.5.xml:414 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1282 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1284 +#: sssd-ldap.5.xml:1380 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3131,7 +3260,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1295 +#: sssd-ldap.5.xml:1391 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3637,15 +3766,30 @@ msgstr "" msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:135 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:138 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:142 +msgid "Default: Use base DN" +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." @@ -3653,7 +3797,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:158 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." @@ -3661,7 +3805,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:162 +#: sssd-ipa.5.xml:175 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3670,7 +3814,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:169 +#: sssd-ipa.5.xml:182 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3681,7 +3825,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:180 +#: sssd-ipa.5.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -3906,14 +4050,13 @@ msgid "" "config file." msgstr "" -# type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" -"The cleartext password can be specified as an extra argument to the program " -"or read from standard input. The obfuscated password is put into " -"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " -"<quote>ldap_default_authtok_type</quote> parameter is set to " +"The cleartext password can be specified as an argument to the program, read " +"from standard input or entered interactively. The obfuscated password is " +"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD " +"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." @@ -4560,11 +4703,6 @@ msgstr "" msgid "If this option is not set or 0 the automatic renewal is disabled." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-krb5.5.xml:356 -msgid "Default: not set" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:362 msgid "krb5_use_fast (string)" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index a837f06a..97e784b7 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.5.1\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-01-17 08:11-0500\n" +"POT-Creation-Date: 2011-01-24 13:36-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -93,7 +93,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:990 sssd-ldap.5.xml:1293 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:178 sssd.8.xml:166 sss_obfuscate.8.xml:104 sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389 pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104 sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 msgid "SEE ALSO" msgstr "" @@ -200,7 +200,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:836 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:854 msgid "Section parameters" msgstr "" @@ -414,7 +414,7 @@ msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:932 sssd-ldap.5.xml:1037 sssd-ipa.5.xml:142 +#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155 msgid "Default: true" msgstr "" @@ -607,7 +607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:775 +#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793 msgid "Default: 5" msgstr "" @@ -676,25 +676,48 @@ msgid "" "provider." msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:467 +msgid "pam_pwd_expiration_warning (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:470 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:473 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:479 +msgid "Default: 7" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:488 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:477 +#: sssd.conf.5.xml:495 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:480 +#: sssd.conf.5.xml:498 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:485 +#: sssd.conf.5.xml:503 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For " @@ -703,56 +726,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:510 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:498 +#: sssd.conf.5.xml:516 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:501 +#: sssd.conf.5.xml:519 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:506 +#: sssd.conf.5.xml:524 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:512 +#: sssd.conf.5.xml:530 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:515 +#: sssd.conf.5.xml:533 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 +#: sssd.conf.5.xml:537 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:522 +#: sssd.conf.5.xml:540 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:525 sssd.conf.5.xml:573 sssd.conf.5.xml:627 +#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:546 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -762,14 +785,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:538 +#: sssd.conf.5.xml:556 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:561 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -778,39 +801,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:554 +#: sssd.conf.5.xml:572 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:557 +#: sssd.conf.5.xml:575 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:561 +#: sssd.conf.5.xml:579 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:566 +#: sssd.conf.5.xml:584 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:569 +#: sssd.conf.5.xml:587 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:596 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:599 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -819,47 +842,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:588 +#: sssd.conf.5.xml:606 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:594 +#: sssd.conf.5.xml:612 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:597 +#: sssd.conf.5.xml:615 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:619 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:604 +#: sssd.conf.5.xml:622 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:607 +#: sssd.conf.5.xml:625 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:610 +#: sssd.conf.5.xml:628 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:616 +#: sssd.conf.5.xml:634 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:619 +#: sssd.conf.5.xml:637 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " @@ -868,19 +891,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:632 +#: sssd.conf.5.xml:650 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 +#: sssd.conf.5.xml:653 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:639 +#: sssd.conf.5.xml:657 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -888,7 +911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:646 +#: sssd.conf.5.xml:664 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -896,29 +919,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:653 +#: sssd.conf.5.xml:671 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:656 +#: sssd.conf.5.xml:674 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:659 +#: sssd.conf.5.xml:677 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:665 +#: sssd.conf.5.xml:683 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:668 +#: sssd.conf.5.xml:686 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -926,17 +949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:674 +#: sssd.conf.5.xml:692 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:677 +#: sssd.conf.5.xml:695 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:680 +#: sssd.conf.5.xml:698 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " @@ -945,24 +968,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:687 +#: sssd.conf.5.xml:705 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:692 +#: sssd.conf.5.xml:710 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:713 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 +#: sssd.conf.5.xml:718 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -971,7 +994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:708 +#: sssd.conf.5.xml:726 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -980,7 +1003,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:716 +#: sssd.conf.5.xml:734 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -988,71 +1011,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:724 +#: sssd.conf.5.xml:742 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:728 +#: sssd.conf.5.xml:746 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:731 +#: sssd.conf.5.xml:749 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:738 +#: sssd.conf.5.xml:756 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:741 +#: sssd.conf.5.xml:759 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:745 +#: sssd.conf.5.xml:763 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:748 +#: sssd.conf.5.xml:766 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:751 +#: sssd.conf.5.xml:769 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:754 +#: sssd.conf.5.xml:772 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:757 +#: sssd.conf.5.xml:775 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:760 +#: sssd.conf.5.xml:778 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:766 +#: sssd.conf.5.xml:784 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:769 +#: sssd.conf.5.xml:787 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1060,24 +1083,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:781 +#: sssd.conf.5.xml:799 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:784 +#: sssd.conf.5.xml:802 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:788 +#: sssd.conf.5.xml:806 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:472 +#: sssd.conf.5.xml:490 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called " @@ -1086,29 +1109,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:800 +#: sssd.conf.5.xml:818 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:803 +#: sssd.conf.5.xml:821 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:806 +#: sssd.conf.5.xml:824 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:814 +#: sssd.conf.5.xml:832 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:817 +#: sssd.conf.5.xml:835 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1116,19 +1139,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:814 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:829 +#: sssd.conf.5.xml:847 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:831 +#: sssd.conf.5.xml:849 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1136,73 +1159,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:856 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:859 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:845 +#: sssd.conf.5.xml:863 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:850 +#: sssd.conf.5.xml:868 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:871 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:858 +#: sssd.conf.5.xml:876 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:863 +#: sssd.conf.5.xml:881 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:866 +#: sssd.conf.5.xml:884 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 sssd.conf.5.xml:882 +#: sssd.conf.5.xml:888 sssd.conf.5.xml:900 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:875 +#: sssd.conf.5.xml:893 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:896 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:905 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:908 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1210,17 +1233,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:898 +#: sssd.conf.5.xml:916 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:921 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:906 +#: sssd.conf.5.xml:924 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1229,17 +1252,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:916 +#: sssd.conf.5.xml:934 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:939 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:924 +#: sssd.conf.5.xml:942 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1247,17 +1270,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:931 +#: sssd.conf.5.xml:949 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:954 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:957 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1265,17 +1288,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:963 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:955 sssd-ldap.5.xml:1261 sssd-simple.5.xml:126 sssd-ipa.5.xml:160 sssd-krb5.5.xml:405 +#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126 sssd-ipa.5.xml:173 sssd-krb5.5.xml:405 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:979 #, no-wrap msgid "" "[sssd]\n" @@ -1305,7 +1328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:957 +#: sssd.conf.5.xml:975 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1314,7 +1337,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1010 msgid "" "<citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " @@ -1562,7 +1585,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:580 +#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622 msgid "Default: gidNumber" msgstr "" @@ -1622,7 +1645,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:606 sssd-ldap.5.xml:699 +#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741 msgid "Default: nsUniqueId" msgstr "" @@ -1632,14 +1655,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:615 sssd-ldap.5.xml:708 +#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:619 sssd-ldap.5.xml:712 +#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754 msgid "Default: modifyTimestamp" msgstr "" @@ -1795,28 +1818,79 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:439 -msgid "ldap_user_principal (string)" +msgid "ldap_user_ad_account_expires (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:442 msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:447 +msgid "Default: accountExpires" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:453 +msgid "ldap_user_ad_user_account_control (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:456 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:461 +msgid "Default: userAccountControl" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:467 +msgid "ldap_ns_account_lock (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:475 +msgid "Default: nsAccountLock" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:481 +msgid "ldap_user_principal (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:484 +msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:446 +#: sssd-ldap.5.xml:488 msgid "Default: krbPrincipalName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:452 +#: sssd-ldap.5.xml:494 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:455 +#: sssd-ldap.5.xml:497 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -1825,34 +1899,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 sssd-ldap.5.xml:878 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:235 sssd-krb5.5.xml:266 +#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64 sssd-krb5.5.xml:235 sssd-krb5.5.xml:266 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:468 +#: sssd-ldap.5.xml:510 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:471 +#: sssd-ldap.5.xml:513 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:476 +#: sssd-ldap.5.xml:518 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:524 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:485 +#: sssd-ldap.5.xml:527 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -1860,52 +1934,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:491 +#: sssd-ldap.5.xml:533 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:495 +#: sssd-ldap.5.xml:537 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:501 +#: sssd-ldap.5.xml:543 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:504 +#: sssd-ldap.5.xml:546 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:508 sssd-ldap.5.xml:567 sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:514 +#: sssd-ldap.5.xml:556 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:517 +#: sssd-ldap.5.xml:559 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:521 +#: sssd-ldap.5.xml:563 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:527 +#: sssd-ldap.5.xml:569 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:530 +#: sssd-ldap.5.xml:572 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -1913,89 +1987,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:537 +#: sssd-ldap.5.xml:579 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:542 +#: sssd-ldap.5.xml:584 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:548 +#: sssd-ldap.5.xml:590 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:551 +#: sssd-ldap.5.xml:593 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:596 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:560 +#: sssd-ldap.5.xml:602 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:563 +#: sssd-ldap.5.xml:605 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:573 +#: sssd-ldap.5.xml:615 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:576 +#: sssd-ldap.5.xml:618 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:586 +#: sssd-ldap.5.xml:628 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:589 +#: sssd-ldap.5.xml:631 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:635 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:599 +#: sssd-ldap.5.xml:641 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:654 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:667 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:628 +#: sssd-ldap.5.xml:670 msgid "" "If ldap_schema is set to a schema format that supports nested groups " "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " @@ -2003,87 +2077,87 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:635 +#: sssd-ldap.5.xml:677 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:641 +#: sssd-ldap.5.xml:683 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:686 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:689 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:695 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:656 +#: sssd-ldap.5.xml:698 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:666 +#: sssd-ldap.5.xml:708 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:669 +#: sssd-ldap.5.xml:711 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:673 +#: sssd-ldap.5.xml:715 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:679 +#: sssd-ldap.5.xml:721 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:682 +#: sssd-ldap.5.xml:724 msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:686 +#: sssd-ldap.5.xml:728 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:734 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:695 +#: sssd-ldap.5.xml:737 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:705 +#: sssd-ldap.5.xml:747 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:718 +#: sssd-ldap.5.xml:760 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:721 +#: sssd-ldap.5.xml:763 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2091,7 +2165,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:727 +#: sssd-ldap.5.xml:769 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2099,17 +2173,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 sssd-ldap.5.xml:775 sssd-ldap.5.xml:790 +#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:781 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:742 +#: sssd-ldap.5.xml:784 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2117,17 +2191,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:791 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:755 +#: sssd-ldap.5.xml:797 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:800 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " @@ -2138,12 +2212,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:823 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:784 +#: sssd-ldap.5.xml:826 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2151,26 +2225,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:796 +#: sssd-ldap.5.xml:838 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:799 +#: sssd-ldap.5.xml:841 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:805 +#: sssd-ldap.5.xml:847 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:809 +#: sssd-ldap.5.xml:851 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2178,7 +2252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:858 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2186,7 +2260,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:822 +#: sssd-ldap.5.xml:864 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2194,41 +2268,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:870 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:874 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:838 +#: sssd-ldap.5.xml:880 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:883 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:846 sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:853 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:856 +#: sssd-ldap.5.xml:898 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2237,73 +2311,111 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:913 +msgid "ldap_tls_cert (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:916 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356 +msgid "Default: not set" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:926 +msgid "ldap_tls_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:929 +msgid "Specifies the file that contains the client's key." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_tls_cipher_suite (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon sperated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:954 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:957 msgid "" "Specifies that the id_provider connection must also use <systemitem " "class=\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:967 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:887 +#: sssd-ldap.5.xml:970 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:980 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:900 +#: sssd-ldap.5.xml:983 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:988 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:994 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:997 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:917 +#: sssd-ldap.5.xml:1000 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:1006 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:1009 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2311,27 +2423,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1021 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:941 +#: sssd-ldap.5.xml:1024 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:1028 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:951 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77 msgid "" "Specifies the list of IP addresses or hostnames of the Kerberos servers to " "which SSSD should connect in the order of preference. For more information " @@ -2342,7 +2454,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2350,7 +2462,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " @@ -2359,41 +2471,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:980 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:983 +#: sssd-ldap.5.xml:1066 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:1069 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:992 +#: sssd-ldap.5.xml:1075 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:995 +#: sssd-ldap.5.xml:1078 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1083 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1005 +#: sssd-ldap.5.xml:1088 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " @@ -2403,7 +2515,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1096 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2411,61 +2523,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1025 +#: sssd-ldap.5.xml:1108 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1028 +#: sssd-ldap.5.xml:1111 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1115 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1043 +#: sssd-ldap.5.xml:1126 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1129 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1050 +#: sssd-ldap.5.xml:1133 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1056 +#: sssd-ldap.5.xml:1139 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1064 +#: sssd-ldap.5.xml:1147 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1070 +#: sssd-ldap.5.xml:1153 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1156 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -2475,12 +2587,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 +#: sssd-ldap.5.xml:1166 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1086 +#: sssd-ldap.5.xml:1169 #, no-wrap msgid "" "access_provider = ldap\n" @@ -2489,14 +2601,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1173 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1178 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -2505,24 +2617,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1103 sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1109 +#: sssd-ldap.5.xml:1192 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1112 +#: sssd-ldap.5.xml:1195 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1199 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -2530,96 +2642,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 +#: sssd-ldap.5.xml:1206 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1126 +#: sssd-ldap.5.xml:1209 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1214 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1221 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " +"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " +"if access is allowed or not." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1233 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1236 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1144 +#: sssd-ldap.5.xml:1240 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1147 +#: sssd-ldap.5.xml:1243 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1247 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1252 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1159 +#: sssd-ldap.5.xml:1255 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1166 +#: sssd-ldap.5.xml:1262 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1265 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1174 +#: sssd-ldap.5.xml:1270 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1274 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1279 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1284 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1289 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -2636,47 +2765,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1205 +#: sssd-ldap.5.xml:1301 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1212 +#: sssd-ldap.5.xml:1308 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1311 msgid "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1247 +#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 +#: sssd-ldap.5.xml:1322 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1325 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1240 +#: sssd-ldap.5.xml:1336 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1243 +#: sssd-ldap.5.xml:1339 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1207 +#: sssd-ldap.5.xml:1303 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -2684,7 +2813,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1359 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -2692,7 +2821,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1269 +#: sssd-ldap.5.xml:1365 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -2706,17 +2835,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1268 sssd-simple.5.xml:134 sssd-ipa.5.xml:168 sssd-krb5.5.xml:414 +#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181 sssd-krb5.5.xml:414 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1282 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1284 +#: sssd-ldap.5.xml:1380 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -2725,7 +2854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1295 +#: sssd-ldap.5.xml:1391 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -3192,26 +3321,41 @@ msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:135 +msgid "ipa_hbac_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:138 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:142 +msgid "Default: Use base DN" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:158 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:162 +#: sssd-ipa.5.xml:175 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -3219,7 +3363,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:169 +#: sssd-ipa.5.xml:182 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3229,7 +3373,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:180 +#: sssd-ipa.5.xml:193 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -3436,10 +3580,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" -"The cleartext password can be specified as an extra argument to the program " -"or read from standard input. The obfuscated password is put into " -"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " -"<quote>ldap_default_authtok_type</quote> parameter is set to " +"The cleartext password can be specified as an argument to the program, read " +"from standard input or entered interactively. The obfuscated password is " +"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD " +"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " "</citerefentry> for more details on these parameters." @@ -4016,11 +4160,6 @@ msgstr "" msgid "If this option is not set or 0 the automatic renewal is disabled." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-krb5.5.xml:356 -msgid "Default: not set" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:362 msgid "krb5_use_fast (string)" diff --git a/src/man/po/uk.po b/src/man/po/uk.po index 18c9ea95..36b2f27c 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 1.5.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-01-17 08:11-0500\n" +"POT-Creation-Date: 2011-01-24 13:36-0500\n" "PO-Revision-Date: 2011-01-21 20:30+0200\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <translation@linux.org.ua>\n" @@ -132,9 +132,9 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:990 sssd-ldap.5.xml:1293 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389 #: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:178 sssd.8.xml:166 sss_obfuscate.8.xml:104 +#: sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -282,7 +282,7 @@ msgstr "Розділ [sssd]" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:836 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:854 msgid "Section parameters" msgstr "Параметри розділу" @@ -579,8 +579,8 @@ msgstr "Додати часову позначку до діагностични # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:932 -#: sssd-ldap.5.xml:1037 sssd-ipa.5.xml:142 +#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155 msgid "Default: true" msgstr "Типове значення: true" @@ -814,7 +814,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:775 +#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793 msgid "Default: 5" msgstr "Типове значення: 5" @@ -892,21 +892,50 @@ msgid "" "information to avoid excessive round-trips to the identity provider." msgstr "" +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:467 +#, fuzzy +#| msgid "account_cache_expiration (integer)" +msgid "pam_pwd_expiration_warning (integer)" +msgstr "account_cache_expiration (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:470 +msgid "Display a warning N days before the password expires." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:473 +msgid "" +"Please note that the backend server has to provide information about the " +"expiration time of the password. If this information is missing, sssd " +"cannot display a warning." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:479 +#, fuzzy +#| msgid "Default: 077" +msgid "Default: 7" +msgstr "Типове значення: 077" + # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:470 +#: sssd.conf.5.xml:488 msgid "DOMAIN SECTIONS" msgstr "РОЗДІЛИ ДОМЕНІВ" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:477 +#: sssd.conf.5.xml:495 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (ціле значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:480 +#: sssd.conf.5.xml:498 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -914,7 +943,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:485 +#: sssd.conf.5.xml:503 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -924,19 +953,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:510 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:498 +#: sssd.conf.5.xml:516 msgid "timeout (integer)" msgstr "timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:501 +#: sssd.conf.5.xml:519 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." @@ -944,19 +973,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:506 +#: sssd.conf.5.xml:524 msgid "Default: 10" msgstr "Типове значення: 10" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:512 +#: sssd.conf.5.xml:530 msgid "enumerate (bool)" msgstr "enumerate (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:515 +#: sssd.conf.5.xml:533 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" @@ -964,25 +993,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 +#: sssd.conf.5.xml:537 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = користувачі і групи нумеруються" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:522 +#: sssd.conf.5.xml:540 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:525 sssd.conf.5.xml:573 sssd.conf.5.xml:627 +#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645 msgid "Default: FALSE" msgstr "Типове значення: FALSE" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:546 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -992,7 +1021,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:538 +#: sssd.conf.5.xml:556 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -1000,7 +1029,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:561 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1010,13 +1039,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:554 +#: sssd.conf.5.xml:572 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:557 +#: sssd.conf.5.xml:575 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -1024,31 +1053,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:561 +#: sssd.conf.5.xml:579 msgid "Default: 5400" msgstr "Типове значення: 5400" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:566 +#: sssd.conf.5.xml:584 msgid "cache_credentials (bool)" msgstr "cache_credentials (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:569 +#: sssd.conf.5.xml:587 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:596 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:599 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1058,55 +1087,55 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:588 +#: sssd.conf.5.xml:606 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:594 +#: sssd.conf.5.xml:612 msgid "id_provider (string)" msgstr "id_provider (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:597 +#: sssd.conf.5.xml:615 msgid "The Data Provider identity backend to use for this domain." msgstr "Модуль надання даних щодо профілів користувачів для цього домену." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:619 msgid "Supported backends:" msgstr "Підтримувані модулі:" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:604 +#: sssd.conf.5.xml:622 msgid "proxy: Support a legacy NSS provider" msgstr "proxy: підтримка застарілого модуля надання даних NSS" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:607 +#: sssd.conf.5.xml:625 msgid "local: SSSD internal local provider" msgstr "local: вбудований модуль надання локальних даних SSSD" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:610 +#: sssd.conf.5.xml:628 msgid "ldap: LDAP provider" msgstr "ldap: модуль надання даних LDAP" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:616 +#: sssd.conf.5.xml:634 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:619 +#: sssd.conf.5.xml:637 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1116,13 +1145,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:632 +#: sssd.conf.5.xml:650 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 +#: sssd.conf.5.xml:653 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -1132,7 +1161,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:639 +#: sssd.conf.5.xml:657 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1145,7 +1174,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:646 +#: sssd.conf.5.xml:664 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1158,20 +1187,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:653 +#: sssd.conf.5.xml:671 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:656 +#: sssd.conf.5.xml:674 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:659 +#: sssd.conf.5.xml:677 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -1181,13 +1210,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:665 +#: sssd.conf.5.xml:683 msgid "access_provider (string)" msgstr "access_provider (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:668 +#: sssd.conf.5.xml:686 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1196,19 +1225,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:674 +#: sssd.conf.5.xml:692 msgid "<quote>permit</quote> always allow access." msgstr "<quote>permit</quote> — завжди дозволяти доступ." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:677 +#: sssd.conf.5.xml:695 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:680 +#: sssd.conf.5.xml:698 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1218,19 +1247,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:687 +#: sssd.conf.5.xml:705 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:692 +#: sssd.conf.5.xml:710 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:713 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -1238,7 +1267,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 +#: sssd.conf.5.xml:718 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1251,7 +1280,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:708 +#: sssd.conf.5.xml:726 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1264,7 +1293,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:716 +#: sssd.conf.5.xml:734 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1277,20 +1306,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:724 +#: sssd.conf.5.xml:742 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:728 +#: sssd.conf.5.xml:746 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:731 +#: sssd.conf.5.xml:749 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -1298,13 +1327,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:738 +#: sssd.conf.5.xml:756 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:741 +#: sssd.conf.5.xml:759 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -1314,13 +1343,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:745 +#: sssd.conf.5.xml:763 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:748 +#: sssd.conf.5.xml:766 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " @@ -1328,14 +1357,14 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:751 +#: sssd.conf.5.xml:769 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:754 +#: sssd.conf.5.xml:772 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " @@ -1343,26 +1372,26 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:757 +#: sssd.conf.5.xml:775 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:760 +#: sssd.conf.5.xml:778 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:766 +#: sssd.conf.5.xml:784 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:769 +#: sssd.conf.5.xml:787 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1371,13 +1400,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:781 +#: sssd.conf.5.xml:799 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:784 +#: sssd.conf.5.xml:802 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -1385,13 +1414,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:788 +#: sssd.conf.5.xml:806 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:472 +#: sssd.conf.5.xml:490 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1400,19 +1429,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:800 +#: sssd.conf.5.xml:818 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:803 +#: sssd.conf.5.xml:821 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:806 +#: sssd.conf.5.xml:824 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1420,13 +1449,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:814 +#: sssd.conf.5.xml:832 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:817 +#: sssd.conf.5.xml:835 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1434,7 +1463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:814 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1444,13 +1473,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><title> #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:829 +#: sssd.conf.5.xml:847 msgid "The local domain section" msgstr "Розділ локального домену" # type: Content of: <reference><refentry><refsect1><refsect2><para> #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:831 +#: sssd.conf.5.xml:849 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1459,13 +1488,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:838 +#: sssd.conf.5.xml:856 msgid "default_shell (string)" msgstr "default_shell (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:859 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Типова оболонка для записів користувачів, створених за допомогою " @@ -1473,19 +1502,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:845 +#: sssd.conf.5.xml:863 msgid "Default: <filename>/bin/bash</filename>" msgstr "Типове значення: <filename>/bin/bash</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:850 +#: sssd.conf.5.xml:868 msgid "base_directory (string)" msgstr "base_directory (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:871 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1493,18 +1522,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:858 +#: sssd.conf.5.xml:876 msgid "Default: <filename>/home</filename>" msgstr "Типове значення: <filename>/home</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:863 +#: sssd.conf.5.xml:881 msgid "create_homedir (bool)" msgstr "create_homedir (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:866 +#: sssd.conf.5.xml:884 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1512,18 +1541,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 sssd.conf.5.xml:882 +#: sssd.conf.5.xml:888 sssd.conf.5.xml:900 msgid "Default: TRUE" msgstr "Типове значення: TRUE" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:875 +#: sssd.conf.5.xml:893 msgid "remove_homedir (bool)" msgstr "remove_homedir (булівське значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:896 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1531,13 +1560,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:905 msgid "homedir_umask (integer)" msgstr "homedir_umask (ціле число)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:908 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1549,19 +1578,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:898 +#: sssd.conf.5.xml:916 msgid "Default: 077" msgstr "Типове значення: 077" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:921 msgid "skel_dir (string)" msgstr "skel_dir (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:906 +#: sssd.conf.5.xml:924 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1571,19 +1600,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:916 +#: sssd.conf.5.xml:934 msgid "Default: <filename>/etc/skel</filename>" msgstr "Типове значення: <filename>/etc/skel</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:939 msgid "mail_dir (string)" msgstr "mail_dir (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:924 +#: sssd.conf.5.xml:942 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1592,19 +1621,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:931 +#: sssd.conf.5.xml:949 msgid "Default: <filename>/var/mail</filename>" msgstr "Типове значення: <filename>/var/mail</filename>" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:954 msgid "userdel_cmd (string)" msgstr "userdel_cmd (рядок)" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:957 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1613,20 +1642,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:945 +#: sssd.conf.5.xml:963 msgid "Default: None, no command is run" msgstr "Типове значення: None, не виконувати жодних команд" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:955 sssd-ldap.5.xml:1261 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:160 sssd-krb5.5.xml:405 +#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405 msgid "EXAMPLE" msgstr "ПРИКЛАД" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:979 #, no-wrap msgid "" "[sssd]\n" @@ -1680,7 +1709,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:957 +#: sssd.conf.5.xml:975 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1690,7 +1719,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:992 +#: sssd.conf.5.xml:1010 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1990,7 +2019,7 @@ msgstr "Атрибут LDAP, що відповідає ідентифікато # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:580 +#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622 msgid "Default: gidNumber" msgstr "Типове значення: gidNumber" @@ -2062,7 +2091,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:606 sssd-ldap.5.xml:699 +#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741 msgid "Default: nsUniqueId" msgstr "Типове значення: nsUniqueId" @@ -2074,7 +2103,7 @@ msgstr "ldap_user_modify_timestamp (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:615 sssd-ldap.5.xml:708 +#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." @@ -2082,7 +2111,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:619 sssd-ldap.5.xml:712 +#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754 msgid "Default: modifyTimestamp" msgstr "Типове значення: modifyTimestamp" @@ -2261,12 +2290,81 @@ msgstr "Типове значення: krbPasswordExpiration" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:439 +#, fuzzy +#| msgid "ldap_user_shadow_expire (string)" +msgid "ldap_user_ad_account_expires (string)" +msgstr "ldap_user_shadow_expire (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:442 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the expiration time of the account." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:447 +#, fuzzy +#| msgid "Default: shadowExpire" +msgid "Default: accountExpires" +msgstr "Типове значення: shadowExpire" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:453 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_user_ad_user_account_control (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:456 +msgid "" +"When using ldap_account_expire_policy=ad, this parameter contains the name " +"of an LDAP attribute storing the user account control bit field." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:461 +#, fuzzy +#| msgid "Default: posixAccount" +msgid "Default: userAccountControl" +msgstr "Типове значення: posixAccount" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:467 +#, fuzzy +#| msgid "ldap_account_expire_policy (string)" +msgid "ldap_ns_account_lock (string)" +msgstr "ldap_account_expire_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:470 +msgid "" +"When using ldap_account_expire_policy=rhds or equivalent, this parameter " +"determines if access is allowed or not." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:475 +#, fuzzy +#| msgid "Default: posixAccount" +msgid "Default: nsAccountLock" +msgstr "Типове значення: posixAccount" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:481 msgid "ldap_user_principal (string)" msgstr "ldap_user_principal (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:442 +#: sssd-ldap.5.xml:484 msgid "" "The LDAP attribute that contains the user's Kerberos User Principal Name " "(UPN)." @@ -2274,19 +2372,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:446 +#: sssd-ldap.5.xml:488 msgid "Default: krbPrincipalName" msgstr "Типове значення: krbPrincipalName" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:452 +#: sssd-ldap.5.xml:494 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:455 +#: sssd-ldap.5.xml:497 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2296,20 +2394,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 sssd-ldap.5.xml:878 sssd-ipa.5.xml:115 sssd.8.xml:64 +#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64 #: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266 msgid "Default: false" msgstr "Типове значення: false" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:468 +#: sssd-ldap.5.xml:510 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:471 +#: sssd-ldap.5.xml:513 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." @@ -2317,19 +2415,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:476 +#: sssd-ldap.5.xml:518 msgid "Default: 300" msgstr "Типове значення: 300" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:524 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:485 +#: sssd-ldap.5.xml:527 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2338,60 +2436,60 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:491 +#: sssd-ldap.5.xml:533 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:495 +#: sssd-ldap.5.xml:537 msgid "Default: 10800 (12 hours)" msgstr "Типове значення: 10800 (12 годин)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:501 +#: sssd-ldap.5.xml:543 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:504 +#: sssd-ldap.5.xml:546 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "Атрибут LDAP, що відповідає повному імені користувача." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:508 sssd-ldap.5.xml:567 sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702 msgid "Default: cn" msgstr "Типове значення: cn" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:514 +#: sssd-ldap.5.xml:556 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:517 +#: sssd-ldap.5.xml:559 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:521 +#: sssd-ldap.5.xml:563 msgid "Default: memberOf" msgstr "Типове значення: memberOf" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:527 +#: sssd-ldap.5.xml:569 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:530 +#: sssd-ldap.5.xml:572 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2399,104 +2497,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:537 +#: sssd-ldap.5.xml:579 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:542 +#: sssd-ldap.5.xml:584 msgid "Default: authorizedService" msgstr "Типове значення: authorizedService" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:548 +#: sssd-ldap.5.xml:590 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:551 +#: sssd-ldap.5.xml:593 msgid "The object class of a group entry in LDAP." msgstr "Клас об’єктів запису групи у LDAP." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:596 msgid "Default: posixGroup" msgstr "Типове значення: posixGroup" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:560 +#: sssd-ldap.5.xml:602 msgid "ldap_group_name (string)" msgstr "ldap_group_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:563 +#: sssd-ldap.5.xml:605 msgid "The LDAP attribute that corresponds to the group name." msgstr "Атрибут LDAP, що відповідає назві групи." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:573 +#: sssd-ldap.5.xml:615 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:576 +#: sssd-ldap.5.xml:618 msgid "The LDAP attribute that corresponds to the group's id." msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:586 +#: sssd-ldap.5.xml:628 msgid "ldap_group_member (string)" msgstr "ldap_group_member (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:589 +#: sssd-ldap.5.xml:631 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:635 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:599 +#: sssd-ldap.5.xml:641 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:654 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:667 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:628 +#: sssd-ldap.5.xml:670 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2505,104 +2603,104 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:635 +#: sssd-ldap.5.xml:677 msgid "Default: 2" msgstr "Типове значення: 2" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:641 +#: sssd-ldap.5.xml:683 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:686 msgid "The object class of a netgroup entry in LDAP." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:689 msgid "Default: nisNetgroup" msgstr "Типове значення: nisNetgroup" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:695 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:656 +#: sssd-ldap.5.xml:698 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:666 +#: sssd-ldap.5.xml:708 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:669 +#: sssd-ldap.5.xml:711 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:673 +#: sssd-ldap.5.xml:715 msgid "Default: memberNisNetgroup" msgstr "Типове значення: memberNisNetgroup" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:679 +#: sssd-ldap.5.xml:721 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:682 +#: sssd-ldap.5.xml:724 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:686 +#: sssd-ldap.5.xml:728 msgid "Default: nisNetgroupTriple" msgstr "Типове значення: nisNetgroupTriple" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:734 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:695 +#: sssd-ldap.5.xml:737 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:705 +#: sssd-ldap.5.xml:747 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:718 +#: sssd-ldap.5.xml:760 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:721 +#: sssd-ldap.5.xml:763 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2610,7 +2708,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:727 +#: sssd-ldap.5.xml:769 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2619,20 +2717,20 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 sssd-ldap.5.xml:775 sssd-ldap.5.xml:790 +#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832 msgid "Default: 6" msgstr "Типове значення: 6" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:781 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:742 +#: sssd-ldap.5.xml:784 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2641,19 +2739,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:791 msgid "Default: 60" msgstr "Типове значення: 60" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:755 +#: sssd-ldap.5.xml:797 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:800 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2665,13 +2763,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:823 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:784 +#: sssd-ldap.5.xml:826 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2680,13 +2778,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:796 +#: sssd-ldap.5.xml:838 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:799 +#: sssd-ldap.5.xml:841 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -2694,7 +2792,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:805 +#: sssd-ldap.5.xml:847 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -2702,7 +2800,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:809 +#: sssd-ldap.5.xml:851 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2711,7 +2809,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:816 +#: sssd-ldap.5.xml:858 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2720,7 +2818,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:822 +#: sssd-ldap.5.xml:864 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,25 +2827,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:870 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:832 +#: sssd-ldap.5.xml:874 msgid "Default: hard" msgstr "Типове значення: hard" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:838 +#: sssd-ldap.5.xml:880 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:883 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -2755,7 +2853,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:846 sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -2763,13 +2861,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:853 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:856 +#: sssd-ldap.5.xml:898 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2779,13 +2877,70 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:871 +#: sssd-ldap.5.xml:913 +#, fuzzy +#| msgid "ldap_tls_cacert (string)" +msgid "ldap_tls_cert (string)" +msgstr "ldap_tls_cacert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:916 +msgid "Specifies the file that contains the certificate for the client's key." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356 +msgid "Default: not set" +msgstr "Типове значення: not set" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:926 +#, fuzzy +#| msgid "ldap_tls_cacert (string)" +msgid "ldap_tls_key (string)" +msgstr "ldap_tls_cacert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:929 +msgid "Specifies the file that contains the client's key." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "ldap_tls_cacert (string)" +msgid "ldap_tls_cipher_suite (string)" +msgstr "ldap_tls_cacert (рядок)" + +# type: Content of: <reference><refentry><refsect1><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +#, fuzzy +#| msgid "" +#| "Please refer to the <quote>dns_discovery_domain</quote> parameter in the " +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> manual page for more details." +msgid "" +"Specifies acceptable cipher suites. Typically this is a colon sperated " +"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry> for format." +msgstr "" +"З докладнішими відомостями щодо параметра «dns_discovery_domain» можна " +"ознайомитися на сторінці підручника (man) <citerefentry> <refentrytitle>sssd." +"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:954 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:957 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." @@ -2793,13 +2948,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:967 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:887 +#: sssd-ldap.5.xml:970 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." @@ -2807,19 +2962,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:1019 +#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102 msgid "Default: none" msgstr "Типове значення: none" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:980 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:900 +#: sssd-ldap.5.xml:983 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." @@ -2827,37 +2982,37 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 +#: sssd-ldap.5.xml:988 msgid "Default: host/machine.fqdn@REALM" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:994 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:997 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:917 +#: sssd-ldap.5.xml:1000 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:1006 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:1009 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2866,31 +3021,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1021 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:941 +#: sssd-ldap.5.xml:1024 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:1028 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:951 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "krb5_server (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:954 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77 msgid "" "Specifies the list of IP addresses or hostnames of the Kerberos servers to " "which SSSD should connect in the order of preference. For more information " @@ -2901,7 +3056,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2910,7 +3065,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2919,31 +3074,31 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:980 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:983 +#: sssd-ldap.5.xml:1066 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:1069 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:992 +#: sssd-ldap.5.xml:1075 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:995 +#: sssd-ldap.5.xml:1078 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -2951,7 +3106,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1000 +#: sssd-ldap.5.xml:1083 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -2959,7 +3114,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1005 +#: sssd-ldap.5.xml:1088 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -2969,7 +3124,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1013 +#: sssd-ldap.5.xml:1096 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2978,19 +3133,19 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1025 +#: sssd-ldap.5.xml:1108 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1028 +#: sssd-ldap.5.xml:1111 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1032 +#: sssd-ldap.5.xml:1115 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -2998,49 +3153,49 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1043 +#: sssd-ldap.5.xml:1126 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1129 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1050 +#: sssd-ldap.5.xml:1133 msgid "Default: ldap" msgstr "Типове значення: ldap" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1056 +#: sssd-ldap.5.xml:1139 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1064 +#: sssd-ldap.5.xml:1147 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1070 +#: sssd-ldap.5.xml:1153 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1156 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3051,13 +3206,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 +#: sssd-ldap.5.xml:1166 msgid "Example:" msgstr "Приклад:" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1086 +#: sssd-ldap.5.xml:1169 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3070,7 +3225,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1173 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." @@ -3078,7 +3233,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1095 +#: sssd-ldap.5.xml:1178 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3088,25 +3243,25 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1103 sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1109 +#: sssd-ldap.5.xml:1192 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1112 +#: sssd-ldap.5.xml:1195 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1116 +#: sssd-ldap.5.xml:1199 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3114,25 +3269,42 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1123 +#: sssd-ldap.5.xml:1206 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1126 +#: sssd-ldap.5.xml:1209 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1214 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1221 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 +#: sssd-ldap.5.xml:1233 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1236 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " @@ -3140,18 +3312,18 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1144 +#: sssd-ldap.5.xml:1240 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1147 +#: sssd-ldap.5.xml:1243 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1151 +#: sssd-ldap.5.xml:1247 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -3161,12 +3333,12 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1156 +#: sssd-ldap.5.xml:1252 msgid "Default: filter" msgstr "Типове значення: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1159 +#: sssd-ldap.5.xml:1255 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -3174,13 +3346,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1166 +#: sssd-ldap.5.xml:1262 msgid "ldap_deref (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 +#: sssd-ldap.5.xml:1265 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -3188,13 +3360,13 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1174 +#: sssd-ldap.5.xml:1270 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1274 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -3202,7 +3374,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1279 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -3210,7 +3382,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1284 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -3218,7 +3390,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1289 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3236,55 +3408,55 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1205 +#: sssd-ldap.5.xml:1301 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1212 +#: sssd-ldap.5.xml:1308 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1311 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1233 sssd-ldap.5.xml:1247 +#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1226 +#: sssd-ldap.5.xml:1322 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1229 +#: sssd-ldap.5.xml:1325 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1240 +#: sssd-ldap.5.xml:1336 msgid "ldap_group_search_base (string)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1243 +#: sssd-ldap.5.xml:1339 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1207 +#: sssd-ldap.5.xml:1303 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3293,7 +3465,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1263 +#: sssd-ldap.5.xml:1359 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3302,7 +3474,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1269 +#: sssd-ldap.5.xml:1365 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3324,20 +3496,20 @@ msgstr "" " enumerate = true\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1268 sssd-simple.5.xml:134 sssd-ipa.5.xml:168 +#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181 #: sssd-krb5.5.xml:414 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" # type: Content of: <reference><refentry><refsect1><title> #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1282 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1284 +#: sssd-ldap.5.xml:1380 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3347,7 +3519,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1295 +#: sssd-ldap.5.xml:1391 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3871,13 +4043,34 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:135 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:135 +#, fuzzy +#| msgid "ldap_search_base (string)" +msgid "ipa_hbac_search_base (string)" +msgstr "ldap_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:138 +msgid "Optional. Use the given string as search base for HBAC related objects." +msgstr "" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:142 +#, fuzzy +#| msgid "Default: Use the KDC" +msgid "Default: Use base DN" +msgstr "Типове значення: використання KDC" + +# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:138 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." @@ -3885,7 +4078,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:158 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." @@ -3893,7 +4086,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:162 +#: sssd-ipa.5.xml:175 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -3902,7 +4095,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para><programlisting> #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:169 +#: sssd-ipa.5.xml:182 #, no-wrap msgid "" " [domain/example.com]\n" @@ -3917,7 +4110,7 @@ msgstr "" # type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:180 +#: sssd-ipa.5.xml:193 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -4161,14 +4354,13 @@ msgid "" "config file." msgstr "" -# type: Content of: <reference><refentry><refsect1><para> #. type: Content of: <reference><refentry><refsect1><para> #: sss_obfuscate.8.xml:37 msgid "" -"The cleartext password can be specified as an extra argument to the program " -"or read from standard input. The obfuscated password is put into " -"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the " -"<quote>ldap_default_authtok_type</quote> parameter is set to " +"The cleartext password can be specified as an argument to the program, read " +"from standard input or entered interactively. The obfuscated password is " +"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD " +"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to " "<quote>obfuscated_password</quote>. Refer to <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" "citerefentry> for more details on these parameters." @@ -4854,12 +5046,6 @@ msgstr "" "Якщо значення для цього параметра встановлено не буде або буде встановлено " "значення 0, автоматичного оновлення не відбуватиметься." -# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-krb5.5.xml:356 -msgid "Default: not set" -msgstr "Типове значення: not set" - # type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-krb5.5.xml:362 |